ZeroDownTime/KubeZero
3
0
Fork 0
Code Issues 1 Pull Requests 25 Packages Projects Releases Wiki Activity

feat: Adding ingress gateway hardening back into new Istio Helm charts

Browse Source
This commit is contained in:
Stefan Reimer 2022-04-21 18:21:45 +02:00
parent 1a78b7eaaa
commit db1b26b79e
4 changed files with 54 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml
View File

@ -90,6 +90,10 @@ spec:
name: http-envoy-prom
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- if .Values.volumeMounts }}
volumeMounts:
{{- toYaml .Values.volumeMounts | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@ -102,3 +106,7 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}

6
charts/kubezero-istio-gateway/charts/gateway/values.schema.json
View File

@ -47,6 +47,12 @@
"labels": {
"type": "object"
},
"volumes": {
"type": "array"
},
"volumeMounts": {
"type": "array"
},
"name": {
"type": "string"
},

2
charts/kubezero-istio-gateway/templates/bootstrap-config.yaml
View File

@ -40,7 +40,7 @@ data:
{
"name": "envoy.resource_monitors.fixed_heap",
"typed_config": {
"@type": "type.googleapis.com/envoy.config.resource_monitor.fixed_heap.v2alpha.FixedHeapConfig",
"@type": "type.googleapis.com/envoy.extensions.resource_monitors.fixed_heap.v3.FixedHeapConfig",
"max_heap_size_bytes": 536870912
}
}

43
charts/kubezero-istio-gateway/zdt.patch
View File

@ -1,6 +1,6 @@
diff -tubr charts/gateway.orig/templates/deployment.yaml charts/gateway/templates/deployment.yaml
--- charts/gateway.orig/templates/deployment.yaml 2022-04-21 01:00:49.624942235 +0200
+++ charts/gateway/templates/deployment.yaml 2022-04-21 01:04:28.276506097 +0200
--- charts/gateway.orig/templates/deployment.yaml 2022-04-21 17:33:30.042035869 +0200
+++ charts/gateway/templates/deployment.yaml 2022-04-21 18:17:15.130605952 +0200
@@ -11,6 +11,9 @@
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
@ -19,9 +19,28 @@ diff -tubr charts/gateway.orig/templates/deployment.yaml charts/gateway/template
serviceAccountName: {{ include "gateway.serviceAccountName" . }}
securityContext:
{{- if .Values.securityContext }}
@@ -86,6 +90,10 @@
name: http-envoy-prom
resources:
{{- toYaml .Values.resources | nindent 12 }}
+ {{- if .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml .Values.volumeMounts | nindent 12 }}
+ {{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@@ -98,3 +106,7 @@
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff -tubr charts/gateway.orig/templates/service.yaml charts/gateway/templates/service.yaml
--- charts/gateway.orig/templates/service.yaml 2022-04-21 01:00:49.628275645 +0200
+++ charts/gateway/templates/service.yaml 2022-04-21 01:08:56.785411051 +0200
--- charts/gateway.orig/templates/service.yaml 2022-04-21 17:33:30.042035869 +0200
+++ charts/gateway/templates/service.yaml 2022-04-21 17:33:41.801806959 +0200
@@ -38,7 +38,14 @@
port: 15017
targetPort: 15017
@ -38,3 +57,19 @@ diff -tubr charts/gateway.orig/templates/service.yaml charts/gateway/templates/s
{{- end }}
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
diff -tubr charts/gateway.orig/values.schema.json charts/gateway/values.schema.json
--- charts/gateway.orig/values.schema.json 2022-04-21 17:33:30.042035869 +0200
+++ charts/gateway/values.schema.json 2022-04-21 17:52:51.007536238 +0200
@@ -47,6 +47,12 @@
"labels": {
"type": "object"
},
+ "volumes": {
+ "type": "array"
+ },
+ "volumeMounts": {
+ "type": "array"
+ },
"name": {
"type": "string"
},