feat: upgrade Istio to 1.11.2, fix for TCP keepalive filter

This commit is contained in:
Stefan Reimer 2021-09-07 12:38:14 +02:00
parent 1c859d7700
commit aabbb2bb33
13 changed files with 38 additions and 48 deletions

View File

@ -2,8 +2,8 @@ apiVersion: v2
name: kubezero-istio-ingress
description: KubeZero Umbrella Chart for Istio based Ingress
type: application
version: 0.7.3
appVersion: 1.11.1
version: 0.7.4
appVersion: 1.11.2
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
@ -16,9 +16,9 @@ dependencies:
version: ">= 0.1.4"
repository: https://zero-down-time.github.io/kubezero/
- name: istio-ingress
version: 1.11.1
version: 1.11.2
condition: istio-ingress.enabled
- name: istio-private-ingress
version: 1.11.1
version: 1.11.2
condition: istio-private-ingress.enabled
kubeVersion: ">= 1.18.0"

View File

@ -1,6 +1,6 @@
apiVersion: v1
name: istio-ingress
version: 1.11.1
version: 1.11.2
tillerVersion: ">=2.7.2"
description: Helm chart for deploying Istio gateways
keywords:

View File

@ -165,7 +165,7 @@ global:
hub: docker.io/istio
# Default tag for Istio images.
tag: 1.11.1
tag: 1.11.2
# Specify image pull policy if default behavior isn't desired.
# Default behavior: latest images will be Always else IfNotPresent.

View File

@ -1,6 +1,6 @@
apiVersion: v1
name: istio-private-ingress
version: 1.11.1
version: 1.11.2
tillerVersion: ">=2.7.2"
description: Helm chart for deploying Istio gateways
keywords:

View File

@ -165,7 +165,7 @@ global:
hub: docker.io/istio
# Default tag for Istio images.
tag: 1.11.1
tag: 1.11.2
# Specify image pull policy if default behavior isn't desired.
# Default behavior: latest images will be Always else IfNotPresent.

View File

@ -16,23 +16,18 @@ spec:
operation: MERGE
value:
socket_options:
# SOL_SOCKET = 1
# SO_KEEPALIVE = 9
- level: 1
name: 9
- level: 1 # SOL_SOCKET = 1
name: 9 # SO_KEEPALIVE = 9
int_value: 1
state: STATE_LISTENING
# IPPROTO_TCP = 6
# TCP_KEEPIDLE = 4
- level: 6
name: 4
state: STATE_PREBIND
- level: 6 # IPPROTO_TCP = 6
name: 4 # TCP_KEEPIDLE = 4
int_value: 120
state: STATE_LISTENING
# TCP_KEEPINTVL = 5
- level: 6
name: 5
state: STATE_PREBIND
- level: 6 # IPPROTO_TCP = 6
name: 5 # TCP_KEEPINTVL = 5
int_value: 60
state: STATE_LISTENING
state: STATE_PREBIND
{{- end }}
{{- if index .Values "istio-private-ingress" "enabled" }}
@ -54,21 +49,16 @@ spec:
operation: MERGE
value:
socket_options:
# SOL_SOCKET = 1
# SO_KEEPALIVE = 9
- level: 1
name: 9
- level: 1 # SOL_SOCKET = 1
name: 9 # SO_KEEPALIVE = 9
int_value: 1
state: STATE_LISTENING
# IPPROTO_TCP = 6
# TCP_KEEPIDLE = 4
- level: 6
name: 4
state: STATE_PREBIND
- level: 6 # IPPROTO_TCP = 6
name: 4 # TCP_KEEPIDLE = 4
int_value: 120
state: STATE_LISTENING
# TCP_KEEPINTVL = 5
- level: 6
name: 5
state: STATE_PREBIND
- level: 6 # IPPROTO_TCP = 6
name: 5 # TCP_KEEPINTVL = 5
int_value: 60
state: STATE_LISTENING
state: STATE_PREBIND
{{- end }}

View File

@ -2,8 +2,8 @@ apiVersion: v2
name: kubezero-istio
description: KubeZero Umbrella Chart for Istio
type: application
version: 0.7.3
appVersion: 1.11.1
version: 0.7.4
appVersion: 1.11.2
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
@ -16,9 +16,9 @@ dependencies:
version: ">= 0.1.4"
repository: https://zero-down-time.github.io/kubezero/
- name: base
version: 1.11.1
version: 1.11.2
- name: istio-discovery
version: 1.11.1
version: 1.11.2
- name: kiali-server
version: 1.38.1
# repository: https://github.com/kiali/helm-charts/tree/master/docs

View File

@ -1,6 +1,6 @@
apiVersion: v1
name: base
version: 1.11.1
version: 1.11.2
tillerVersion: ">=2.7.2"
description: Helm chart for deploying Istio cluster resources and CRDs
keywords:

View File

@ -1,6 +1,6 @@
apiVersion: v1
name: istio-discovery
version: 1.11.1
version: 1.11.2
tillerVersion: ">=2.7.2"
description: Helm chart for istio control plane
keywords:

View File

@ -239,7 +239,7 @@ global:
# Dev builds from prow are on gcr.io
hub: docker.io/istio
# Default tag for Istio images.
tag: 1.11.1
tag: 1.11.2
# Specify image pull policy if default behavior isn't desired.
# Default behavior: latest images will be Always else IfNotPresent.

View File

@ -4,7 +4,7 @@ set -ex
### TODO
# - https://istio.io/latest/docs/ops/configuration/security/harden-docker-images/
export ISTIO_VERSION=1.11.1
export ISTIO_VERSION=1.11.2
export KIALI_VERSION=1.38.1
rm -rf istio

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero
description: KubeZero - Bootstrap and ArgoCD Root App of Apps chart
type: application
version: 1.20.8-8
version: 1.20.8-9
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:

View File

@ -8,7 +8,7 @@ HighAvailableControlplane: false
addons:
enabled: false
targetRevision: 0.0.1
targetRevision: 0.1.0
calico:
enabled: false
@ -44,12 +44,12 @@ istio:
enabled: false
crds: true
namespace: istio-system
targetRevision: 0.7.3
targetRevision: 0.7.4
istio-ingress:
enabled: false
namespace: istio-ingress
targetRevision: 0.7.2
targetRevision: 0.7.4
metrics:
enabled: false