feat: Adding ingress gateway hardening back into new Istio Helm charts

This commit is contained in:
Stefan Reimer 2022-04-21 18:21:45 +02:00
parent 1a78b7eaaa
commit db1b26b79e
4 changed files with 54 additions and 5 deletions

View File

@ -90,6 +90,10 @@ spec:
name: http-envoy-prom name: http-envoy-prom
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
{{- if .Values.volumeMounts }}
volumeMounts:
{{- toYaml .Values.volumeMounts | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
@ -102,3 +106,7 @@ spec:
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}

View File

@ -47,6 +47,12 @@
"labels": { "labels": {
"type": "object" "type": "object"
}, },
"volumes": {
"type": "array"
},
"volumeMounts": {
"type": "array"
},
"name": { "name": {
"type": "string" "type": "string"
}, },

View File

@ -40,7 +40,7 @@ data:
{ {
"name": "envoy.resource_monitors.fixed_heap", "name": "envoy.resource_monitors.fixed_heap",
"typed_config": { "typed_config": {
"@type": "type.googleapis.com/envoy.config.resource_monitor.fixed_heap.v2alpha.FixedHeapConfig", "@type": "type.googleapis.com/envoy.extensions.resource_monitors.fixed_heap.v3.FixedHeapConfig",
"max_heap_size_bytes": 536870912 "max_heap_size_bytes": 536870912
} }
} }

View File

@ -1,6 +1,6 @@
diff -tubr charts/gateway.orig/templates/deployment.yaml charts/gateway/templates/deployment.yaml diff -tubr charts/gateway.orig/templates/deployment.yaml charts/gateway/templates/deployment.yaml
--- charts/gateway.orig/templates/deployment.yaml 2022-04-21 01:00:49.624942235 +0200 --- charts/gateway.orig/templates/deployment.yaml 2022-04-21 17:33:30.042035869 +0200
+++ charts/gateway/templates/deployment.yaml 2022-04-21 01:04:28.276506097 +0200 +++ charts/gateway/templates/deployment.yaml 2022-04-21 18:17:15.130605952 +0200
@@ -11,6 +11,9 @@ @@ -11,6 +11,9 @@
{{- if not .Values.autoscaling.enabled }} {{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }} replicas: {{ .Values.replicaCount }}
@ -19,9 +19,28 @@ diff -tubr charts/gateway.orig/templates/deployment.yaml charts/gateway/template
serviceAccountName: {{ include "gateway.serviceAccountName" . }} serviceAccountName: {{ include "gateway.serviceAccountName" . }}
securityContext: securityContext:
{{- if .Values.securityContext }} {{- if .Values.securityContext }}
@@ -86,6 +90,10 @@
name: http-envoy-prom
resources:
{{- toYaml .Values.resources | nindent 12 }}
+ {{- if .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml .Values.volumeMounts | nindent 12 }}
+ {{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@@ -98,3 +106,7 @@
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff -tubr charts/gateway.orig/templates/service.yaml charts/gateway/templates/service.yaml diff -tubr charts/gateway.orig/templates/service.yaml charts/gateway/templates/service.yaml
--- charts/gateway.orig/templates/service.yaml 2022-04-21 01:00:49.628275645 +0200 --- charts/gateway.orig/templates/service.yaml 2022-04-21 17:33:30.042035869 +0200
+++ charts/gateway/templates/service.yaml 2022-04-21 01:08:56.785411051 +0200 +++ charts/gateway/templates/service.yaml 2022-04-21 17:33:41.801806959 +0200
@@ -38,7 +38,14 @@ @@ -38,7 +38,14 @@
port: 15017 port: 15017
targetPort: 15017 targetPort: 15017
@ -38,3 +57,19 @@ diff -tubr charts/gateway.orig/templates/service.yaml charts/gateway/templates/s
{{- end }} {{- end }}
selector: selector:
{{- include "gateway.selectorLabels" . | nindent 4 }} {{- include "gateway.selectorLabels" . | nindent 4 }}
diff -tubr charts/gateway.orig/values.schema.json charts/gateway/values.schema.json
--- charts/gateway.orig/values.schema.json 2022-04-21 17:33:30.042035869 +0200
+++ charts/gateway/values.schema.json 2022-04-21 17:52:51.007536238 +0200
@@ -47,6 +47,12 @@
"labels": {
"type": "object"
},
+ "volumes": {
+ "type": "array"
+ },
+ "volumeMounts": {
+ "type": "array"
+ },
"name": {
"type": "string"
},