Istio minor version bump

This commit is contained in:
Stefan Reimer 2021-01-26 12:54:56 +00:00
parent 9ca8920387
commit fc45e7fd0b
9 changed files with 40 additions and 15 deletions

View File

@ -2,8 +2,8 @@ apiVersion: v2
name: kubezero-istio-ingress name: kubezero-istio-ingress
description: KubeZero Umbrella Chart for Istio based Ingress description: KubeZero Umbrella Chart for Istio based Ingress
type: application type: application
version: 0.1.1 version: 0.1.2
appVersion: 1.8.1 appVersion: 1.8.2
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:

View File

@ -1,7 +1,7 @@
# Make sure these values match kuberzero-istio !!! # Make sure these values match kuberzero-istio !!!
global: global:
hub: docker.io/istio hub: docker.io/istio
tag: 1.8.1 tag: 1.8.2
logAsJson: true logAsJson: true
jwtPolicy: first-party-jwt jwtPolicy: first-party-jwt

View File

@ -2,8 +2,8 @@ apiVersion: v2
name: kubezero-istio name: kubezero-istio
description: KubeZero Umbrella Chart for Istio description: KubeZero Umbrella Chart for Istio
type: application type: application
version: 0.4.1 version: 0.4.2
appVersion: 1.8.1 appVersion: 1.8.2
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:

View File

@ -3048,7 +3048,6 @@ spec:
- CUSTOM - CUSTOM
type: string type: string
provider: provider:
description: Specifies detailed configuration of the CUSTOM action.
properties: properties:
name: name:
description: Specifies the name of the extension provider. description: Specifies the name of the extension provider.

View File

@ -3050,7 +3050,6 @@ spec:
- CUSTOM - CUSTOM
type: string type: string
provider: provider:
description: Specifies detailed configuration of the CUSTOM action.
properties: properties:
name: name:
description: Specifies the name of the extension provider. description: Specifies the name of the extension provider.
@ -3537,7 +3536,9 @@ rules:
verbs: ["get", "list", "watch", "update"] verbs: ["get", "list", "watch", "update"]
# istio configuration # istio configuration
- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io"] # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382)
# please proceed with caution
- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io"]
verbs: ["get", "watch", "list"] verbs: ["get", "watch", "list"]
resources: ["*"] resources: ["*"]
- apiGroups: ["networking.istio.io"] - apiGroups: ["networking.istio.io"]
@ -3621,6 +3622,7 @@ rules:
- "security.istio.io" - "security.istio.io"
- "networking.istio.io" - "networking.istio.io"
- "authentication.istio.io" - "authentication.istio.io"
- "rbac.istio.io"
resources: ["*"] resources: ["*"]
verbs: ["get", "list", "watch"] verbs: ["get", "list", "watch"]
- apiGroups: [""] - apiGroups: [""]

View File

@ -17,11 +17,13 @@ rules:
verbs: ["get", "list", "watch", "update"] verbs: ["get", "list", "watch", "update"]
# istio configuration # istio configuration
- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io"] # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382)
# please proceed with caution
- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io"]
verbs: ["get", "watch", "list"] verbs: ["get", "watch", "list"]
resources: ["*"] resources: ["*"]
{{- if .Values.global.istiod.enableAnalysis }} {{- if .Values.global.istiod.enableAnalysis }}
- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io"] - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io"]
verbs: ["update"] verbs: ["update"]
# TODO: should be on just */status but wildcard is not supported # TODO: should be on just */status but wildcard is not supported
resources: ["*"] resources: ["*"]
@ -115,6 +117,7 @@ rules:
- "security.istio.io" - "security.istio.io"
- "networking.istio.io" - "networking.istio.io"
- "authentication.istio.io" - "authentication.istio.io"
- "rbac.istio.io"
resources: ["*"] resources: ["*"]
verbs: ["get", "list", "watch"] verbs: ["get", "list", "watch"]
- apiGroups: [""] - apiGroups: [""]

View File

@ -108,10 +108,18 @@ spec:
value: | value: |
{} {}
vm_config: vm_config:
{{- if .Values.telemetry.v2.metadataExchange.wasmEnabled }}
runtime: envoy.wasm.runtime.v8
allow_precompiled: true
code:
local:
filename: /etc/istio/extensions/metadata-exchange-filter.compiled.wasm
{{- else }}
runtime: envoy.wasm.runtime.null runtime: envoy.wasm.runtime.null
code: code:
local: local:
inline_string: envoy.wasm.metadata_exchange inline_string: envoy.wasm.metadata_exchange
{{- end }}
--- ---
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter kind: EnvoyFilter
@ -339,10 +347,18 @@ spec:
{{- end }} {{- end }}
vm_config: vm_config:
vm_id: stats_outbound vm_id: stats_outbound
{{- if .Values.telemetry.v2.prometheus.wasmEnabled }}
runtime: envoy.wasm.runtime.v8
allow_precompiled: true
code:
local:
filename: /etc/istio/extensions/stats-filter.compiled.wasm
{{- else }}
runtime: envoy.wasm.runtime.null runtime: envoy.wasm.runtime.null
code: code:
local: local:
inline_string: envoy.wasm.stats inline_string: envoy.wasm.stats
{{- end }}
--- ---
# Note: tcp stats filter is wasm enabled only in sidecars. # Note: tcp stats filter is wasm enabled only in sidecars.
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
@ -502,14 +518,20 @@ spec:
{{- end }} {{- end }}
vm_config: vm_config:
vm_id: tcp_stats_outbound vm_id: tcp_stats_outbound
{{- if .Values.telemetry.v2.prometheus.wasmEnabled }}
runtime: envoy.wasm.runtime.v8
allow_precompiled: true
code:
local:
filename: /etc/istio/extensions/stats-filter.compiled.wasm
{{- else }}
runtime: envoy.wasm.runtime.null runtime: envoy.wasm.runtime.null
code: code:
local: local:
inline_string: "envoy.wasm.stats" inline_string: "envoy.wasm.stats"
{{- end }}
--- ---
{{- end }} {{- end }}
{{- if .Values.telemetry.v2.stackdriver.enabled }} {{- if .Values.telemetry.v2.stackdriver.enabled }}
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter kind: EnvoyFilter
@ -629,7 +651,6 @@ spec:
code: code:
local: { inline_string: envoy.wasm.null.stackdriver } local: { inline_string: envoy.wasm.null.stackdriver }
--- ---
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter kind: EnvoyFilter
metadata: metadata:

View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
set -ex set -ex
export ISTIO_VERSION=1.8.1 export ISTIO_VERSION=1.8.2
if [ ! -d istio-$ISTIO_VERSION ]; then if [ ! -d istio-$ISTIO_VERSION ]; then
NAME="istio-$ISTIO_VERSION" NAME="istio-$ISTIO_VERSION"

View File

@ -1,6 +1,6 @@
global: global:
hub: docker.io/istio hub: docker.io/istio
tag: 1.8.0 tag: 1.8.2
logAsJson: true logAsJson: true
jwtPolicy: first-party-jwt jwtPolicy: first-party-jwt