feat: upgrade Istio to 1.11.2, fix for TCP keepalive filter
This commit is contained in:
parent
1c859d7700
commit
aabbb2bb33
@ -2,8 +2,8 @@ apiVersion: v2
|
|||||||
name: kubezero-istio-ingress
|
name: kubezero-istio-ingress
|
||||||
description: KubeZero Umbrella Chart for Istio based Ingress
|
description: KubeZero Umbrella Chart for Istio based Ingress
|
||||||
type: application
|
type: application
|
||||||
version: 0.7.3
|
version: 0.7.4
|
||||||
appVersion: 1.11.1
|
appVersion: 1.11.2
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -16,9 +16,9 @@ dependencies:
|
|||||||
version: ">= 0.1.4"
|
version: ">= 0.1.4"
|
||||||
repository: https://zero-down-time.github.io/kubezero/
|
repository: https://zero-down-time.github.io/kubezero/
|
||||||
- name: istio-ingress
|
- name: istio-ingress
|
||||||
version: 1.11.1
|
version: 1.11.2
|
||||||
condition: istio-ingress.enabled
|
condition: istio-ingress.enabled
|
||||||
- name: istio-private-ingress
|
- name: istio-private-ingress
|
||||||
version: 1.11.1
|
version: 1.11.2
|
||||||
condition: istio-private-ingress.enabled
|
condition: istio-private-ingress.enabled
|
||||||
kubeVersion: ">= 1.18.0"
|
kubeVersion: ">= 1.18.0"
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
name: istio-ingress
|
name: istio-ingress
|
||||||
version: 1.11.1
|
version: 1.11.2
|
||||||
tillerVersion: ">=2.7.2"
|
tillerVersion: ">=2.7.2"
|
||||||
description: Helm chart for deploying Istio gateways
|
description: Helm chart for deploying Istio gateways
|
||||||
keywords:
|
keywords:
|
||||||
|
|||||||
@ -165,7 +165,7 @@ global:
|
|||||||
hub: docker.io/istio
|
hub: docker.io/istio
|
||||||
|
|
||||||
# Default tag for Istio images.
|
# Default tag for Istio images.
|
||||||
tag: 1.11.1
|
tag: 1.11.2
|
||||||
|
|
||||||
# Specify image pull policy if default behavior isn't desired.
|
# Specify image pull policy if default behavior isn't desired.
|
||||||
# Default behavior: latest images will be Always else IfNotPresent.
|
# Default behavior: latest images will be Always else IfNotPresent.
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
name: istio-private-ingress
|
name: istio-private-ingress
|
||||||
version: 1.11.1
|
version: 1.11.2
|
||||||
tillerVersion: ">=2.7.2"
|
tillerVersion: ">=2.7.2"
|
||||||
description: Helm chart for deploying Istio gateways
|
description: Helm chart for deploying Istio gateways
|
||||||
keywords:
|
keywords:
|
||||||
|
|||||||
@ -165,7 +165,7 @@ global:
|
|||||||
hub: docker.io/istio
|
hub: docker.io/istio
|
||||||
|
|
||||||
# Default tag for Istio images.
|
# Default tag for Istio images.
|
||||||
tag: 1.11.1
|
tag: 1.11.2
|
||||||
|
|
||||||
# Specify image pull policy if default behavior isn't desired.
|
# Specify image pull policy if default behavior isn't desired.
|
||||||
# Default behavior: latest images will be Always else IfNotPresent.
|
# Default behavior: latest images will be Always else IfNotPresent.
|
||||||
|
|||||||
@ -16,23 +16,18 @@ spec:
|
|||||||
operation: MERGE
|
operation: MERGE
|
||||||
value:
|
value:
|
||||||
socket_options:
|
socket_options:
|
||||||
# SOL_SOCKET = 1
|
- level: 1 # SOL_SOCKET = 1
|
||||||
# SO_KEEPALIVE = 9
|
name: 9 # SO_KEEPALIVE = 9
|
||||||
- level: 1
|
|
||||||
name: 9
|
|
||||||
int_value: 1
|
int_value: 1
|
||||||
state: STATE_LISTENING
|
state: STATE_PREBIND
|
||||||
# IPPROTO_TCP = 6
|
- level: 6 # IPPROTO_TCP = 6
|
||||||
# TCP_KEEPIDLE = 4
|
name: 4 # TCP_KEEPIDLE = 4
|
||||||
- level: 6
|
|
||||||
name: 4
|
|
||||||
int_value: 120
|
int_value: 120
|
||||||
state: STATE_LISTENING
|
state: STATE_PREBIND
|
||||||
# TCP_KEEPINTVL = 5
|
- level: 6 # IPPROTO_TCP = 6
|
||||||
- level: 6
|
name: 5 # TCP_KEEPINTVL = 5
|
||||||
name: 5
|
|
||||||
int_value: 60
|
int_value: 60
|
||||||
state: STATE_LISTENING
|
state: STATE_PREBIND
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- if index .Values "istio-private-ingress" "enabled" }}
|
{{- if index .Values "istio-private-ingress" "enabled" }}
|
||||||
@ -54,21 +49,16 @@ spec:
|
|||||||
operation: MERGE
|
operation: MERGE
|
||||||
value:
|
value:
|
||||||
socket_options:
|
socket_options:
|
||||||
# SOL_SOCKET = 1
|
- level: 1 # SOL_SOCKET = 1
|
||||||
# SO_KEEPALIVE = 9
|
name: 9 # SO_KEEPALIVE = 9
|
||||||
- level: 1
|
|
||||||
name: 9
|
|
||||||
int_value: 1
|
int_value: 1
|
||||||
state: STATE_LISTENING
|
state: STATE_PREBIND
|
||||||
# IPPROTO_TCP = 6
|
- level: 6 # IPPROTO_TCP = 6
|
||||||
# TCP_KEEPIDLE = 4
|
name: 4 # TCP_KEEPIDLE = 4
|
||||||
- level: 6
|
|
||||||
name: 4
|
|
||||||
int_value: 120
|
int_value: 120
|
||||||
state: STATE_LISTENING
|
state: STATE_PREBIND
|
||||||
# TCP_KEEPINTVL = 5
|
- level: 6 # IPPROTO_TCP = 6
|
||||||
- level: 6
|
name: 5 # TCP_KEEPINTVL = 5
|
||||||
name: 5
|
|
||||||
int_value: 60
|
int_value: 60
|
||||||
state: STATE_LISTENING
|
state: STATE_PREBIND
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
@ -2,8 +2,8 @@ apiVersion: v2
|
|||||||
name: kubezero-istio
|
name: kubezero-istio
|
||||||
description: KubeZero Umbrella Chart for Istio
|
description: KubeZero Umbrella Chart for Istio
|
||||||
type: application
|
type: application
|
||||||
version: 0.7.3
|
version: 0.7.4
|
||||||
appVersion: 1.11.1
|
appVersion: 1.11.2
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -16,9 +16,9 @@ dependencies:
|
|||||||
version: ">= 0.1.4"
|
version: ">= 0.1.4"
|
||||||
repository: https://zero-down-time.github.io/kubezero/
|
repository: https://zero-down-time.github.io/kubezero/
|
||||||
- name: base
|
- name: base
|
||||||
version: 1.11.1
|
version: 1.11.2
|
||||||
- name: istio-discovery
|
- name: istio-discovery
|
||||||
version: 1.11.1
|
version: 1.11.2
|
||||||
- name: kiali-server
|
- name: kiali-server
|
||||||
version: 1.38.1
|
version: 1.38.1
|
||||||
# repository: https://github.com/kiali/helm-charts/tree/master/docs
|
# repository: https://github.com/kiali/helm-charts/tree/master/docs
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
name: base
|
name: base
|
||||||
version: 1.11.1
|
version: 1.11.2
|
||||||
tillerVersion: ">=2.7.2"
|
tillerVersion: ">=2.7.2"
|
||||||
description: Helm chart for deploying Istio cluster resources and CRDs
|
description: Helm chart for deploying Istio cluster resources and CRDs
|
||||||
keywords:
|
keywords:
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
name: istio-discovery
|
name: istio-discovery
|
||||||
version: 1.11.1
|
version: 1.11.2
|
||||||
tillerVersion: ">=2.7.2"
|
tillerVersion: ">=2.7.2"
|
||||||
description: Helm chart for istio control plane
|
description: Helm chart for istio control plane
|
||||||
keywords:
|
keywords:
|
||||||
|
|||||||
@ -239,7 +239,7 @@ global:
|
|||||||
# Dev builds from prow are on gcr.io
|
# Dev builds from prow are on gcr.io
|
||||||
hub: docker.io/istio
|
hub: docker.io/istio
|
||||||
# Default tag for Istio images.
|
# Default tag for Istio images.
|
||||||
tag: 1.11.1
|
tag: 1.11.2
|
||||||
|
|
||||||
# Specify image pull policy if default behavior isn't desired.
|
# Specify image pull policy if default behavior isn't desired.
|
||||||
# Default behavior: latest images will be Always else IfNotPresent.
|
# Default behavior: latest images will be Always else IfNotPresent.
|
||||||
|
|||||||
@ -4,7 +4,7 @@ set -ex
|
|||||||
### TODO
|
### TODO
|
||||||
# - https://istio.io/latest/docs/ops/configuration/security/harden-docker-images/
|
# - https://istio.io/latest/docs/ops/configuration/security/harden-docker-images/
|
||||||
|
|
||||||
export ISTIO_VERSION=1.11.1
|
export ISTIO_VERSION=1.11.2
|
||||||
export KIALI_VERSION=1.38.1
|
export KIALI_VERSION=1.38.1
|
||||||
|
|
||||||
rm -rf istio
|
rm -rf istio
|
||||||
|
|||||||
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero
|
name: kubezero
|
||||||
description: KubeZero - Bootstrap and ArgoCD Root App of Apps chart
|
description: KubeZero - Bootstrap and ArgoCD Root App of Apps chart
|
||||||
type: application
|
type: application
|
||||||
version: 1.20.8-8
|
version: 1.20.8-9
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
|||||||
@ -8,7 +8,7 @@ HighAvailableControlplane: false
|
|||||||
|
|
||||||
addons:
|
addons:
|
||||||
enabled: false
|
enabled: false
|
||||||
targetRevision: 0.0.1
|
targetRevision: 0.1.0
|
||||||
|
|
||||||
calico:
|
calico:
|
||||||
enabled: false
|
enabled: false
|
||||||
@ -44,12 +44,12 @@ istio:
|
|||||||
enabled: false
|
enabled: false
|
||||||
crds: true
|
crds: true
|
||||||
namespace: istio-system
|
namespace: istio-system
|
||||||
targetRevision: 0.7.3
|
targetRevision: 0.7.4
|
||||||
|
|
||||||
istio-ingress:
|
istio-ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
namespace: istio-ingress
|
namespace: istio-ingress
|
||||||
targetRevision: 0.7.2
|
targetRevision: 0.7.4
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user