Compare commits
3 Commits
fe33810515
...
c3b4b6edf5
| Author | SHA1 | Date | |
|---|---|---|---|
| c3b4b6edf5 | |||
| 17e9720c42 | |||
| b05a4937bd |
@ -22,7 +22,7 @@ dependencies:
|
||||
repository: https://dl.gitea.io/charts/
|
||||
condition: gitea.enabled
|
||||
- name: jenkins
|
||||
version: 5.8.45
|
||||
version: 5.8.47
|
||||
repository: https://charts.jenkins.io
|
||||
condition: jenkins.enabled
|
||||
- name: trivy
|
||||
|
||||
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero-istio-gateway
|
||||
description: KubeZero Umbrella Chart for Istio gateways
|
||||
type: application
|
||||
version: 0.24.3
|
||||
version: 0.24.6
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
@ -17,6 +17,6 @@ dependencies:
|
||||
version: 0.2.1
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: gateway
|
||||
version: 1.24.3
|
||||
version: 1.24.6
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
kubeVersion: ">= 1.30.0-0"
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# kubezero-istio-gateway
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
KubeZero Umbrella Chart for Istio gateways
|
||||
|
||||
@ -21,7 +21,7 @@ Kubernetes: `>= 1.30.0-0`
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
|
||||
| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.3 |
|
||||
| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.6 |
|
||||
|
||||
## Values
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: 1.24.3
|
||||
appVersion: 1.24.6
|
||||
description: Helm chart for deploying Istio gateways
|
||||
icon: https://istio.io/latest/favicons/android-192x192.png
|
||||
keywords:
|
||||
@ -9,4 +9,4 @@ name: gateway
|
||||
sources:
|
||||
- https://github.com/istio/istio
|
||||
type: application
|
||||
version: 1.24.3
|
||||
version: 1.24.6
|
||||
|
||||
@ -0,0 +1,30 @@
|
||||
{{- if .Values.httpFilter.grpcWeb }}
|
||||
# Inserts the grpcWeb filter into the http_connection mangager chain before the CORS filter
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: EnvoyFilter
|
||||
metadata:
|
||||
name: {{ include "gatewayName" . | trimPrefix "istio-" }}-grpcweb
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "kubezero-lib.labels" . | nindent 4 }}
|
||||
spec:
|
||||
workloadSelector:
|
||||
labels:
|
||||
{{- include "gatewaySelectorLabels" . | nindent 6 }}
|
||||
configPatches:
|
||||
- applyTo: HTTP_FILTER
|
||||
match:
|
||||
context: GATEWAY
|
||||
listener:
|
||||
filterChain:
|
||||
filter:
|
||||
name: envoy.filters.network.http_connection_manager
|
||||
subFilter:
|
||||
name: envoy.filters.http.cors
|
||||
patch:
|
||||
operation: INSERT_BEFORE
|
||||
value:
|
||||
name: envoy.filters.http.grpc_web
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
|
||||
{{- end }}
|
||||
@ -1,7 +1,7 @@
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: EnvoyFilter
|
||||
metadata:
|
||||
name: {{ include "gatewayName" . | trimPrefix "istio-" }}-proxy-protocol
|
||||
name: {{ include "gatewayName" . | trimPrefix "istio-" }}-listener
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "kubezero-lib.labels" . | nindent 4 }}
|
||||
@ -10,24 +10,20 @@ spec:
|
||||
labels:
|
||||
{{- include "gatewaySelectorLabels" . | nindent 6 }}
|
||||
configPatches:
|
||||
- applyTo: LISTENER
|
||||
- applyTo: LISTENER_FILTER
|
||||
match:
|
||||
context: GATEWAY
|
||||
listener:
|
||||
portNumber: 8443
|
||||
listenerFilter: "envoy.filters.listener.tls_inspector"
|
||||
patch:
|
||||
operation: MERGE
|
||||
operation: REPLACE
|
||||
value:
|
||||
listener_filters:
|
||||
{{- if .Values.proxyProtocol }}
|
||||
- name: envoy.filters.listener.proxy_protocol
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol
|
||||
filter_disabled:
|
||||
destination_port_range:
|
||||
start: 1025
|
||||
end: 1026
|
||||
{{- end }}
|
||||
- name: envoy.filters.listener.tls_inspector
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
|
||||
filter_disabled:
|
||||
destination_port_range:
|
||||
start: 1025
|
||||
end: 1026
|
||||
name: envoy.filters.listener.tls_inspector
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
|
||||
"initialReadBufferSize": 512
|
||||
filter_disabled:
|
||||
destination_port_range:
|
||||
start: 1025
|
||||
end: 1026
|
||||
|
||||
@ -0,0 +1,27 @@
|
||||
{{- if .Values.proxyProtocol }}
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: EnvoyFilter
|
||||
metadata:
|
||||
name: {{ include "gatewayName" . | trimPrefix "istio-" }}-proxy-protocol
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "kubezero-lib.labels" . | nindent 4 }}
|
||||
spec:
|
||||
workloadSelector:
|
||||
labels:
|
||||
{{- include "gatewaySelectorLabels" . | nindent 6 }}
|
||||
configPatches:
|
||||
- applyTo: LISTENER_FILTER
|
||||
match:
|
||||
context: GATEWAY
|
||||
patch:
|
||||
operation: INSERT_FIRST
|
||||
value:
|
||||
name: envoy.filters.listener.proxy_protocol
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol
|
||||
filter_disabled:
|
||||
destination_port_range:
|
||||
start: 1025
|
||||
end: 1026
|
||||
{{- end }}
|
||||
@ -44,3 +44,6 @@ hardening:
|
||||
rejectUnderscoresHeaders: true
|
||||
unescapeSlashes: true
|
||||
preserveExternalRequestId: false
|
||||
|
||||
httpFilter:
|
||||
grpcWeb: false
|
||||
|
||||
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero-istio
|
||||
description: KubeZero Umbrella Chart for Istio
|
||||
type: application
|
||||
version: 0.24.3
|
||||
version: 0.24.6
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
@ -20,10 +20,10 @@ dependencies:
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
condition: envoy-ratelimit.enabled
|
||||
- name: base
|
||||
version: 1.24.3
|
||||
version: 1.24.6
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
- name: istiod
|
||||
version: 1.24.3
|
||||
version: 1.24.6
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
- name: kiali-server
|
||||
version: "2.6.0"
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# kubezero-istio
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
KubeZero Umbrella Chart for Istio
|
||||
|
||||
@ -22,8 +22,8 @@ Kubernetes: `>= 1.30.0-0`
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | envoy-ratelimit | 0.1.2 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
|
||||
| https://istio-release.storage.googleapis.com/charts | base | 1.24.3 |
|
||||
| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.3 |
|
||||
| https://istio-release.storage.googleapis.com/charts | base | 1.24.6 |
|
||||
| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.6 |
|
||||
| https://kiali.org/helm-charts | kiali-server | 2.6.0 |
|
||||
|
||||
## Values
|
||||
|
||||
@ -25,8 +25,7 @@ spec:
|
||||
repoURL: {{ default "https://cdn.zero-downtime.net/charts" (index .Values $name "repository") }}
|
||||
targetRevision: {{ default "HEAD" ( index .Values $name "targetRevision" ) | quote }}
|
||||
helm:
|
||||
# add with 1.32
|
||||
#skipTests: true
|
||||
skipTests: true
|
||||
valuesObject:
|
||||
{{- include (print $name "-values") $ | nindent 8 }}
|
||||
|
||||
|
||||
@ -98,6 +98,10 @@ proxyProtocol: {{ default true (index .Values "istio-ingress" "proxyProtocol") }
|
||||
hardening:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with (index .Values "istio-ingress" "httpFilter") }}
|
||||
httpFilter:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
|
||||
@ -93,6 +93,10 @@ proxyProtocol: {{ default true (index .Values "istio-private-ingress" "proxyProt
|
||||
hardening:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with (index .Values "istio-private-ingress" "httpFilter") }}
|
||||
httpFilter:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user