Istio minor version bump

This commit is contained in:
Stefan Reimer 2021-01-26 12:54:56 +00:00
parent 9ca8920387
commit fc45e7fd0b
9 changed files with 40 additions and 15 deletions

View File

@ -2,8 +2,8 @@ apiVersion: v2
name: kubezero-istio-ingress
description: KubeZero Umbrella Chart for Istio based Ingress
type: application
version: 0.1.1
appVersion: 1.8.1
version: 0.1.2
appVersion: 1.8.2
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:

View File

@ -1,7 +1,7 @@
# Make sure these values match kuberzero-istio !!!
global:
hub: docker.io/istio
tag: 1.8.1
tag: 1.8.2
logAsJson: true
jwtPolicy: first-party-jwt

View File

@ -2,8 +2,8 @@ apiVersion: v2
name: kubezero-istio
description: KubeZero Umbrella Chart for Istio
type: application
version: 0.4.1
appVersion: 1.8.1
version: 0.4.2
appVersion: 1.8.2
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:

View File

@ -3048,7 +3048,6 @@ spec:
- CUSTOM
type: string
provider:
description: Specifies detailed configuration of the CUSTOM action.
properties:
name:
description: Specifies the name of the extension provider.

View File

@ -3050,7 +3050,6 @@ spec:
- CUSTOM
type: string
provider:
description: Specifies detailed configuration of the CUSTOM action.
properties:
name:
description: Specifies the name of the extension provider.
@ -3537,7 +3536,9 @@ rules:
verbs: ["get", "list", "watch", "update"]
# istio configuration
- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io"]
# removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382)
# please proceed with caution
- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io"]
verbs: ["get", "watch", "list"]
resources: ["*"]
- apiGroups: ["networking.istio.io"]
@ -3621,6 +3622,7 @@ rules:
- "security.istio.io"
- "networking.istio.io"
- "authentication.istio.io"
- "rbac.istio.io"
resources: ["*"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]

View File

@ -17,11 +17,13 @@ rules:
verbs: ["get", "list", "watch", "update"]
# istio configuration
- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io"]
# removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382)
# please proceed with caution
- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io"]
verbs: ["get", "watch", "list"]
resources: ["*"]
{{- if .Values.global.istiod.enableAnalysis }}
- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io"]
- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io"]
verbs: ["update"]
# TODO: should be on just */status but wildcard is not supported
resources: ["*"]
@ -115,6 +117,7 @@ rules:
- "security.istio.io"
- "networking.istio.io"
- "authentication.istio.io"
- "rbac.istio.io"
resources: ["*"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]

View File

@ -108,10 +108,18 @@ spec:
value: |
{}
vm_config:
{{- if .Values.telemetry.v2.metadataExchange.wasmEnabled }}
runtime: envoy.wasm.runtime.v8
allow_precompiled: true
code:
local:
filename: /etc/istio/extensions/metadata-exchange-filter.compiled.wasm
{{- else }}
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: envoy.wasm.metadata_exchange
{{- end }}
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
@ -339,10 +347,18 @@ spec:
{{- end }}
vm_config:
vm_id: stats_outbound
{{- if .Values.telemetry.v2.prometheus.wasmEnabled }}
runtime: envoy.wasm.runtime.v8
allow_precompiled: true
code:
local:
filename: /etc/istio/extensions/stats-filter.compiled.wasm
{{- else }}
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: envoy.wasm.stats
{{- end }}
---
# Note: tcp stats filter is wasm enabled only in sidecars.
apiVersion: networking.istio.io/v1alpha3
@ -502,14 +518,20 @@ spec:
{{- end }}
vm_config:
vm_id: tcp_stats_outbound
{{- if .Values.telemetry.v2.prometheus.wasmEnabled }}
runtime: envoy.wasm.runtime.v8
allow_precompiled: true
code:
local:
filename: /etc/istio/extensions/stats-filter.compiled.wasm
{{- else }}
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: "envoy.wasm.stats"
---
{{- end }}
---
{{- end }}
{{- if .Values.telemetry.v2.stackdriver.enabled }}
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
@ -629,7 +651,6 @@ spec:
code:
local: { inline_string: envoy.wasm.null.stackdriver }
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:

View File

@ -1,7 +1,7 @@
#!/bin/bash
set -ex
export ISTIO_VERSION=1.8.1
export ISTIO_VERSION=1.8.2
if [ ! -d istio-$ISTIO_VERSION ]; then
NAME="istio-$ISTIO_VERSION"

View File

@ -1,6 +1,6 @@
global:
hub: docker.io/istio
tag: 1.8.0
tag: 1.8.2
logAsJson: true
jwtPolicy: first-party-jwt