diff --git a/admin/hooks-1.31.sh b/admin/hooks-1.31.sh index 428a0b25..ead147a4 100644 --- a/admin/hooks-1.31.sh +++ b/admin/hooks-1.31.sh @@ -20,20 +20,28 @@ post_control_plane_upgrade_cluster() { # All things AFTER all contollers are on the new version pre_cluster_upgrade_final() { + set +e if [ "$PLATFORM" == "aws" ];then # cleanup aws-iam-authenticator - kubectl delete clusterrolebinding aws-iam-authenticator || true - kubectl delete clusterrole aws-iam-authenticator || true - kubectl delete serviceaccount aws-iam-authenticator -n kube-system || true - kubectl delete cm aws-iam-authenticator -n kube-system || true - kubectl delete ds aws-iam-authenticator -n kube-system || true - kubectl delete IAMIdentityMapping kubezero-worker-nodes || true - kubectl delete IAMIdentityMapping kubernetes-admin || true - kubectl delete crd iamidentitymappings.iamauthenticator.k8s.aws || true - - kubectl delete secret aws-iam-certs -n kube-system || true + kubectl delete clusterrolebinding aws-iam-authenticator + kubectl delete clusterrole aws-iam-authenticator + kubectl delete serviceaccount aws-iam-authenticator -n kube-system + kubectl delete cm aws-iam-authenticator -n kube-system + kubectl delete ds aws-iam-authenticator -n kube-system + kubectl delete IAMIdentityMapping kubezero-worker-nodes + kubectl delete IAMIdentityMapping kubernetes-admin + kubectl delete crd iamidentitymappings.iamauthenticator.k8s.aws + kubectl delete secret aws-iam-certs -n kube-system fi + + # Remove any helm hook related resources + kubectl delete rolebinding argo-argocd-redis-secret-init -n argocd + kubectl delete sa argo-argocd-redis-secret-init -n argocd + kubectl delete role argo-argocd-redis-secret-init -n argocd + kubectl delete job argo-argocd-redis-secret-init -n argocd + + set -e } diff --git a/charts/envoy-ratelimit/.gitignore b/charts/envoy-ratelimit/.gitignore new file mode 100644 index 00000000..07f190b0 --- /dev/null +++ b/charts/envoy-ratelimit/.gitignore @@ -0,0 +1,3 @@ +istioctl +istio +istio.zdt diff --git a/charts/envoy-ratelimit/.helmignore b/charts/envoy-ratelimit/.helmignore new file mode 100644 index 00000000..be6d0cec --- /dev/null +++ b/charts/envoy-ratelimit/.helmignore @@ -0,0 +1,32 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +README.md.gotmpl +*.patch +*.sh +*.py + +istioctl +istio +istio.zdt diff --git a/charts/envoy-ratelimit/Chart.yaml b/charts/envoy-ratelimit/Chart.yaml new file mode 100644 index 00000000..438769bc --- /dev/null +++ b/charts/envoy-ratelimit/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v2 +name: envoy-ratelimit +description: Envoy gobal ratelimiting service - part of KubeZero +type: application +version: 0.1.0 +home: https://kubezero.com +icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png +keywords: + - kubezero + - envoy + - istio +maintainers: + - name: Stefan Reimer + email: stefan@zero-downtime.net +dependencies: + - name: kubezero-lib + version: 0.2.1 + repository: https://cdn.zero-downtime.net/charts/ +kubeVersion: ">= 1.31.0-0" diff --git a/charts/envoy-ratelimit/README.md b/charts/envoy-ratelimit/README.md new file mode 100644 index 00000000..9540fa22 --- /dev/null +++ b/charts/envoy-ratelimit/README.md @@ -0,0 +1,37 @@ +# envoy-ratelimit + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +Envoy gobal ratelimiting service - part of KubeZero + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Stefan Reimer | | | + +## Requirements + +Kubernetes: `>= 1.31.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| descriptors.ingress[0].key | string | `"remote_address"` | | +| descriptors.ingress[0].rate_limit.requests_per_unit | int | `10` | | +| descriptors.ingress[0].rate_limit.unit | string | `"second"` | | +| descriptors.privateIngress[0].key | string | `"remote_address"` | | +| descriptors.privateIngress[0].rate_limit.requests_per_unit | int | `10` | | +| descriptors.privateIngress[0].rate_limit.unit | string | `"second"` | | +| failureModeDeny | bool | `false` | | +| localCacheSize | int | `1048576` | | +| log.format | string | `"json"` | | +| log.level | string | `"warn"` | | +| metrics.enabled | bool | `true` | | diff --git a/charts/envoy-ratelimit/README.md.gotmpl b/charts/envoy-ratelimit/README.md.gotmpl new file mode 100644 index 00000000..c5fe0000 --- /dev/null +++ b/charts/envoy-ratelimit/README.md.gotmpl @@ -0,0 +1,16 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} diff --git a/charts/kubezero-istio/templates/ratelimit/config-statds-exporter.yaml b/charts/envoy-ratelimit/templates/config-statds-exporter.yaml similarity index 98% rename from charts/kubezero-istio/templates/ratelimit/config-statds-exporter.yaml rename to charts/envoy-ratelimit/templates/config-statds-exporter.yaml index 07917077..41ade6c0 100644 --- a/charts/kubezero-istio/templates/ratelimit/config-statds-exporter.yaml +++ b/charts/envoy-ratelimit/templates/config-statds-exporter.yaml @@ -1,4 +1,4 @@ -{{- if .Values.rateLimiting.enabled }} +{{- if .Values.metrics.enabled }} apiVersion: v1 kind: ConfigMap metadata: diff --git a/charts/kubezero-istio/templates/ratelimit/config.yaml b/charts/envoy-ratelimit/templates/config.yaml similarity index 60% rename from charts/kubezero-istio/templates/ratelimit/config.yaml rename to charts/envoy-ratelimit/templates/config.yaml index e8eff173..e332c2af 100644 --- a/charts/kubezero-istio/templates/ratelimit/config.yaml +++ b/charts/envoy-ratelimit/templates/config.yaml @@ -1,4 +1,3 @@ -{{- if .Values.rateLimiting.enabled }} apiVersion: v1 kind: ConfigMap metadata: @@ -10,10 +9,9 @@ data: ingress.yaml: | domain: ingress descriptors: - {{- toYaml .Values.rateLimiting.descriptors.ingress | nindent 4 }} + {{- toYaml .Values.descriptors.ingress | nindent 4 }} private-ingress.yaml: | domain: private-ingress descriptors: - {{- toYaml .Values.rateLimiting.descriptors.privateIngress | nindent 4 }} -{{- end }} + {{- toYaml .Values.descriptors.privateIngress | nindent 4 }} diff --git a/charts/kubezero-istio/templates/ratelimit/rate-limit-service.yaml b/charts/envoy-ratelimit/templates/deployment.yaml similarity index 59% rename from charts/kubezero-istio/templates/ratelimit/rate-limit-service.yaml rename to charts/envoy-ratelimit/templates/deployment.yaml index 1c3cc299..6264b76b 100644 --- a/charts/kubezero-istio/templates/ratelimit/rate-limit-service.yaml +++ b/charts/envoy-ratelimit/templates/deployment.yaml @@ -1,71 +1,3 @@ -{{- if .Values.rateLimiting.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: ratelimit-redis - namespace: {{ .Release.Namespace }} - labels: - app: ratelimit-redis -spec: - ports: - - name: redis - port: 6379 - selector: - app: ratelimit-redis ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ratelimit-redis - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app: ratelimit-redis - template: - metadata: - labels: - app: ratelimit-redis - spec: - containers: - - image: redis:6-alpine - imagePullPolicy: IfNotPresent - name: redis - ports: - - name: redis - containerPort: 6379 - restartPolicy: Always - serviceAccountName: "" ---- -apiVersion: v1 -kind: Service -metadata: - name: ratelimit - namespace: {{ .Release.Namespace }} - labels: - app: ratelimit -spec: - ports: - #- name: http-port - # port: 8080 - # targetPort: 8080 - # protocol: TCP - - name: grpc-port - port: 8081 - targetPort: 8081 - protocol: TCP - #- name: http-debug - # port: 6070 - # targetPort: 6070 - # protocol: TCP - - name: http-monitoring - port: 9102 - targetPort: 9102 - protocol: TCP - selector: - app: ratelimit ---- apiVersion: apps/v1 kind: Deployment metadata: @@ -90,9 +22,9 @@ spec: command: ["/bin/ratelimit"] env: - name: LOG_LEVEL - value: {{ default "WARN" .Values.rateLimiting.log.level }} + value: {{ default "WARN" .Values.log.level }} - name: LOG_FORMAT - value: {{ default "text" .Values.rateLimiting.log.format }} + value: {{ default "text" .Values.log.format }} - name: REDIS_SOCKET_TYPE value: tcp - name: REDIS_URL @@ -112,7 +44,7 @@ spec: - name: RUNTIME_IGNOREDOTFILES value: "true" - name: LOCAL_CACHE_SIZE_IN_BYTES - value: "{{ default 0 .Values.rateLimiting.localCacheSize | int }}" + value: "{{ default 0 .Values.localCacheSize | int }}" ports: #- containerPort: 8080 - containerPort: 8081 @@ -151,4 +83,3 @@ spec: - name: statsd-exporter-config configMap: name: ratelimit-statsd-exporter-config -{{- end }} diff --git a/charts/kubezero-istio/templates/ratelimit/envoyfilter-cluster.yaml b/charts/envoy-ratelimit/templates/envoyfilter-cluster.yaml similarity index 94% rename from charts/kubezero-istio/templates/ratelimit/envoyfilter-cluster.yaml rename to charts/envoy-ratelimit/templates/envoyfilter-cluster.yaml index 3f74dfc9..ca584eee 100644 --- a/charts/kubezero-istio/templates/ratelimit/envoyfilter-cluster.yaml +++ b/charts/envoy-ratelimit/templates/envoyfilter-cluster.yaml @@ -1,4 +1,3 @@ -{{- if .Values.rateLimiting.enabled }} apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: @@ -27,7 +26,7 @@ spec: typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit domain: ingress - failure_mode_deny: {{ .Values.rateLimiting.failureModeDeny }} + failure_mode_deny: {{ .Values.failureModeDeny }} timeout: 0.5s rate_limit_service: grpc_service: @@ -85,7 +84,7 @@ spec: typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit domain: private-ingress - failure_mode_deny: {{ .Values.rateLimiting.failureModeDeny }} + failure_mode_deny: {{ .Values.failureModeDeny }} timeout: 0.5s rate_limit_service: grpc_service: @@ -113,4 +112,3 @@ spec: socket_address: address: ratelimit.istio-system port_value: 8081 -{{- end }} diff --git a/charts/envoy-ratelimit/templates/redis-deployment.yaml b/charts/envoy-ratelimit/templates/redis-deployment.yaml new file mode 100644 index 00000000..6d999266 --- /dev/null +++ b/charts/envoy-ratelimit/templates/redis-deployment.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ratelimit-redis + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: ratelimit-redis + template: + metadata: + labels: + app: ratelimit-redis + spec: + containers: + - image: redis:6-alpine + imagePullPolicy: IfNotPresent + name: redis + ports: + - name: redis + containerPort: 6379 + restartPolicy: Always + serviceAccountName: "" diff --git a/charts/envoy-ratelimit/templates/redis-service.yaml b/charts/envoy-ratelimit/templates/redis-service.yaml new file mode 100644 index 00000000..0f9bdd90 --- /dev/null +++ b/charts/envoy-ratelimit/templates/redis-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: ratelimit-redis + namespace: {{ .Release.Namespace }} + labels: + app: ratelimit-redis +spec: + ports: + - name: redis + port: 6379 + selector: + app: ratelimit-redis diff --git a/charts/envoy-ratelimit/templates/service.yaml b/charts/envoy-ratelimit/templates/service.yaml new file mode 100644 index 00000000..254dbab4 --- /dev/null +++ b/charts/envoy-ratelimit/templates/service.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + name: ratelimit + namespace: {{ .Release.Namespace }} + labels: + app: ratelimit +spec: + ports: + #- name: http-port + # port: 8080 + # targetPort: 8080 + # protocol: TCP + - name: grpc-port + port: 8081 + targetPort: 8081 + protocol: TCP + #- name: http-debug + # port: 6070 + # targetPort: 6070 + # protocol: TCP + - name: http-monitoring + port: 9102 + targetPort: 9102 + protocol: TCP + selector: + app: ratelimit diff --git a/charts/kubezero-istio/templates/ratelimit/servicemonitor.yaml b/charts/envoy-ratelimit/templates/servicemonitor.yaml similarity index 83% rename from charts/kubezero-istio/templates/ratelimit/servicemonitor.yaml rename to charts/envoy-ratelimit/templates/servicemonitor.yaml index 0c229371..1b30d42d 100644 --- a/charts/kubezero-istio/templates/ratelimit/servicemonitor.yaml +++ b/charts/envoy-ratelimit/templates/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.istiod.telemetry.enabled .Values.rateLimiting.enabled }} +{{- if and .Values.metrics.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/envoy-ratelimit/update.sh b/charts/envoy-ratelimit/update.sh new file mode 100755 index 00000000..173e8fe7 --- /dev/null +++ b/charts/envoy-ratelimit/update.sh @@ -0,0 +1,9 @@ +#!/bin/bash +set -ex + +. ../../scripts/lib-update.sh + +#login_ecr_public +update_helm + +update_docs diff --git a/charts/envoy-ratelimit/values.yaml b/charts/envoy-ratelimit/values.yaml new file mode 100644 index 00000000..ab47791d --- /dev/null +++ b/charts/envoy-ratelimit/values.yaml @@ -0,0 +1,26 @@ +log: + level: warn + format: json + +# 1MB local cache for already reached limits to reduce calls to Redis +localCacheSize: 1048576 + +# Wether to block requests if ratelimiting is down +failureModeDeny: false + +# rate limit descriptors for each domain, examples 10 req/s per sourceIP +descriptors: + ingress: + - key: remote_address + rate_limit: + unit: second + requests_per_unit: 10 + + privateIngress: + - key: remote_address + rate_limit: + unit: second + requests_per_unit: 10 + +metrics: + enabled: true diff --git a/charts/kubezero-istio-gateway/README.md b/charts/kubezero-istio-gateway/README.md index 132bdf02..af129f6c 100644 --- a/charts/kubezero-istio-gateway/README.md +++ b/charts/kubezero-istio-gateway/README.md @@ -1,6 +1,6 @@ # kubezero-istio-gateway -![Version: 0.24.2](https://img.shields.io/badge/Version-0.24.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.24.3](https://img.shields.io/badge/Version-0.24.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Istio gateways @@ -20,8 +20,8 @@ Kubernetes: `>= 1.30.0-0` | Repository | Name | Version | |------------|------|---------| -| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.2 | +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 | +| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.3 | ## Values @@ -32,8 +32,8 @@ Kubernetes: `>= 1.30.0-0` | gateway.autoscaling.maxReplicas | int | `4` | | | gateway.autoscaling.minReplicas | int | `1` | | | gateway.autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| gateway.minReadySeconds | int | `120` | | -| gateway.podAnnotations."proxy.istio.io/config" | string | `"{ \"terminationDrainDuration\": \"20s\" }"` | | +| gateway.minReadySeconds | int | `10` | | +| gateway.podAnnotations."proxy.istio.io/config" | string | `"{ \"terminationDrainDuration\": \"90s\" }"` | | | gateway.replicaCount | int | `1` | | | gateway.resources.limits.memory | string | `"512Mi"` | | | gateway.resources.requests.cpu | string | `"50m"` | | diff --git a/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml b/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml index 33743efd..0238a789 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.24.2 +appVersion: 1.24.3 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.24.2 +version: 1.24.3 diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml index e9bfbbd3..9db59d8b 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml @@ -77,7 +77,7 @@ spec: allowPrivilegeEscalation: false privileged: false readOnlyRootFilesystem: true - {{- if not (eq .Values.platform "openshift") }} + {{- if not (eq (.Values.platform | default "") "openshift") }} runAsUser: 1337 runAsGroup: 1337 {{- end }} diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/zzz_profile.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/zzz_profile.yaml index 35623047..72d3adc5 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/zzz_profile.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/zzz_profile.yaml @@ -49,7 +49,7 @@ Finally, we can set all of that under .Values so the chart behaves without aware {{- $a := mustMergeOverwrite $defaults $profile }} {{- end }} # Flatten globals, if defined on a per-chart basis -{{- if false }} +{{- if true }} {{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} {{- end }} {{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} diff --git a/charts/kubezero-istio/Chart.yaml b/charts/kubezero-istio/Chart.yaml index f5462c93..dace6f21 100644 --- a/charts/kubezero-istio/Chart.yaml +++ b/charts/kubezero-istio/Chart.yaml @@ -15,6 +15,10 @@ dependencies: - name: kubezero-lib version: 0.2.1 repository: https://cdn.zero-downtime.net/charts/ + - name: envoy-ratelimit + version: 0.1.0 + repository: https://cdn.zero-downtime.net/charts/ + condition: envoy-ratelimit.enabled - name: base version: 1.24.3 repository: https://istio-release.storage.googleapis.com/charts diff --git a/charts/kubezero-istio/README.md b/charts/kubezero-istio/README.md index 8194df8f..a15b9fb9 100644 --- a/charts/kubezero-istio/README.md +++ b/charts/kubezero-istio/README.md @@ -1,6 +1,6 @@ # kubezero-istio -![Version: 0.24.2](https://img.shields.io/badge/Version-0.24.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.24.3](https://img.shields.io/badge/Version-0.24.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Istio @@ -20,15 +20,27 @@ Kubernetes: `>= 1.30.0-0` | Repository | Name | Version | |------------|------|---------| -| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://istio-release.storage.googleapis.com/charts | base | 1.24.2 | -| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.2 | -| https://kiali.org/helm-charts | kiali-server | 2.5.0 | +| https://cdn.zero-downtime.net/charts/ | envoy-ratelimit | 0.1.0 | +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 | +| https://istio-release.storage.googleapis.com/charts | base | 1.24.3 | +| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.3 | +| https://kiali.org/helm-charts | kiali-server | 2.6.0 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| envoy-ratelimit.descriptors.ingress[0].key | string | `"remote_address"` | | +| envoy-ratelimit.descriptors.ingress[0].rate_limit.requests_per_unit | int | `10` | | +| envoy-ratelimit.descriptors.ingress[0].rate_limit.unit | string | `"second"` | | +| envoy-ratelimit.descriptors.privateIngress[0].key | string | `"remote_address"` | | +| envoy-ratelimit.descriptors.privateIngress[0].rate_limit.requests_per_unit | int | `10` | | +| envoy-ratelimit.descriptors.privateIngress[0].rate_limit.unit | string | `"second"` | | +| envoy-ratelimit.enabled | bool | `false` | | +| envoy-ratelimit.failureModeDeny | bool | `false` | | +| envoy-ratelimit.localCacheSize | int | `1048576` | | +| envoy-ratelimit.log.format | string | `"json"` | | +| envoy-ratelimit.log.level | string | `"warn"` | | | global.defaultPodDisruptionBudget.enabled | bool | `false` | | | global.logAsJson | bool | `true` | | | global.variant | string | `"distroless"` | | @@ -50,17 +62,6 @@ Kubernetes: `>= 1.30.0-0` | kiali-server.istio.enabled | bool | `false` | | | kiali-server.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | | | kiali-server.server.metrics_enabled | bool | `false` | | -| rateLimiting.descriptors.ingress[0].key | string | `"remote_address"` | | -| rateLimiting.descriptors.ingress[0].rate_limit.requests_per_unit | int | `10` | | -| rateLimiting.descriptors.ingress[0].rate_limit.unit | string | `"second"` | | -| rateLimiting.descriptors.privateIngress[0].key | string | `"remote_address"` | | -| rateLimiting.descriptors.privateIngress[0].rate_limit.requests_per_unit | int | `10` | | -| rateLimiting.descriptors.privateIngress[0].rate_limit.unit | string | `"second"` | | -| rateLimiting.enabled | bool | `false` | | -| rateLimiting.failureModeDeny | bool | `false` | | -| rateLimiting.localCacheSize | int | `1048576` | | -| rateLimiting.log.format | string | `"json"` | | -| rateLimiting.log.level | string | `"warn"` | | ## Resources diff --git a/charts/kubezero-istio/values.yaml b/charts/kubezero-istio/values.yaml index 71b44e3b..99b4d4d0 100644 --- a/charts/kubezero-istio/values.yaml +++ b/charts/kubezero-istio/values.yaml @@ -56,7 +56,7 @@ kiali-server: #url: "kiali.example.com" -rateLimiting: +envoy-ratelimit: enabled: false log: diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index bdfb87ec..9d6cc7b9 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -64,13 +64,13 @@ storage: istio: enabled: false namespace: istio-system - targetRevision: 0.24.2 + targetRevision: 0.24.3 istio-ingress: enabled: false chart: kubezero-istio-gateway namespace: istio-ingress - targetRevision: 0.24.2 + targetRevision: 0.24.3 gateway: service: {} @@ -78,7 +78,7 @@ istio-private-ingress: enabled: false chart: kubezero-istio-gateway namespace: istio-ingress - targetRevision: 0.24.2 + targetRevision: 0.24.3 gateway: service: {}