Istio version bump for 1.26

charts/kubezero-istio-gateway/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-istio-gateway
 description: KubeZero Umbrella Chart for Istio gateways
 type: application
-version: 0.10.1
+version: 0.18.2
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -19,4 +19,4 @@ dependencies:
   - name: gateway
     version: 1.18.2
     repository: https://istio-release.storage.googleapis.com/charts
-kubeVersion: ">= 1.25.0"
+kubeVersion: ">= 1.26.0"

charts/kubezero-istio-gateway/charts/gateway/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.17.2
+appVersion: 1.18.2
 description: Helm chart for deploying Istio gateways
 icon: https://istio.io/latest/favicons/android-192x192.png
 keywords:
@@ -7,6 +7,6 @@ keywords:
 - gateways
 name: gateway
 sources:
-- http://github.com/istio/istio
+- https://github.com/istio/istio
 type: application
-version: 1.17.2
+version: 1.18.2

charts/kubezero-istio-gateway/charts/gateway/templates/_helpers.tpl

@@ -28,6 +28,15 @@ app.kubernetes.io/name: {{ include "gateway.name" . }}
 {{- end }}
 {{- end }}
 
+{{- define "gateway.podLabels" -}}
+{{ include "gateway.selectorLabels" . }}
+{{- range $key, $val := .Values.labels }}
+{{- if not (or (eq $key "app") (eq $key "istio")) }}
+{{ $key | quote }}: {{ $val | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+
 {{- define "gateway.selectorLabels" -}}
 {{- if hasKey .Values.labels "app" }}
 {{- with .Values.labels.app }}app: {{.|quote}}

charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml

@@ -28,7 +28,7 @@ spec:
         {{- with .Values.revision }}
         istio.io/rev: {{ . }}
         {{- end }}
-        {{- include "gateway.selectorLabels" . | nindent 8 }}
+        {{- include "gateway.podLabels" . | nindent 8 }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:

charts/kubezero-istio-gateway/charts/gateway/templates/poddisruptionbudget.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.podDisruptionBudget }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "gateway.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "gateway.labels" . | nindent 4}}
+spec:
+  selector:
+    matchLabels:
+  {{- include "gateway.selectorLabels" . | nindent 6 }}
+  {{- with .Values.podDisruptionBudget }}
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+{{- end }}

charts/kubezero-istio-gateway/charts/gateway/templates/role.yaml

@@ -5,6 +5,10 @@ kind: Role
 metadata:
   name: {{ include "gateway.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "gateway.labels" . | nindent 4}}
+  annotations:
+    {{- .Values.annotations | toYaml | nindent 4 }}
 rules:
 - apiGroups: [""]
   resources: ["secrets"]
@@ -15,6 +19,10 @@ kind: RoleBinding
 metadata:
   name: {{ include "gateway.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "gateway.labels" . | nindent 4}}
+  annotations:
+    {{- .Values.annotations | toYaml | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role

charts/kubezero-istio-gateway/charts/gateway/values.schema.json

@@ -205,6 +205,21 @@
           }
         }
       }
+    },
+    "podDisruptionBudget": {
+      "type": "object",
+      "properties": {
+        "minAvailable": {
+          "type": ["integer", "string"]
+        },
+        "maxUnavailable": {
+          "type": ["integer", "string"]
+        },
+        "unhealthyPodEvictionPolicy": {
+          "type": "string",
+          "enum": ["", "IfHealthyBudget", "AlwaysAllow"]
+        }
+      }
     }
   }
 }

charts/kubezero-istio-gateway/charts/gateway/values.yaml

@@ -95,3 +95,33 @@ networkGateway: ""
 imagePullPolicy: ""
 
 imagePullSecrets: []
+
+# This value is used to configure a Kubernetes PodDisruptionBudget for the gateway.
+#
+# By default, the `podDisruptionBudget` is disabled (set to `{}`),
+# which means that no PodDisruptionBudget resource will be created.
+#
+# To enable the PodDisruptionBudget, configure it by specifying the
+# `minAvailable` or `maxUnavailable`. For example, to set the
+# minimum number of available replicas to 1, you can update this value as follows:
+#
+# podDisruptionBudget:
+#   minAvailable: 1
+#
+# Or, to allow a maximum of 1 unavailable replica, you can set:
+#
+# podDisruptionBudget:
+#   maxUnavailable: 1
+#
+# You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`.
+# For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows:
+#
+# podDisruptionBudget:
+#   minAvailable: 1
+#   unhealthyPodEvictionPolicy: AlwaysAllow
+#
+# To disable the PodDisruptionBudget, you can leave it as an empty object `{}`:
+#
+# podDisruptionBudget: {}
+#
+podDisruptionBudget: {}

charts/kubezero-istio-gateway/update.sh

@@ -1,11 +1,11 @@
 #!/bin/bash
 set -ex
 
+. ../../scripts/lib-update.sh
+
+#login_ecr_public
+update_helm
+
 export ISTIO_VERSION=$(yq eval '.dependencies[] | select(.name=="gateway") | .version' Chart.yaml)
 
-helm dep update
-
-# Patch
-tar xf charts/gateway-$ISTIO_VERSION.tgz -C charts && rm -f charts/gateway-$ISTIO_VERSION.tgz
-#diff -tubr charts/gateway.orig charts/gateway
-patch -p0 -i zdt.patch --no-backup-if-mismatch
+patch_chart gateway

charts/kubezero-istio/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-istio
 description: KubeZero Umbrella Chart for Istio
 type: application
-version: 0.10.1
+version: 0.18.2
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -25,4 +25,4 @@ dependencies:
     version: "1.72.0"
     repository: https://kiali.org/helm-charts
     condition: kiali-server.enabled
-kubeVersion: ">= 1.25.0"
+kubeVersion: ">= 1.26.0"

charts/kubezero-istio/README.md

@@ -1,6 +1,6 @@
 # kubezero-istio
 
-![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.18.2](https://img.shields.io/badge/Version-0.18.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero Umbrella Chart for Istio
 
@@ -16,14 +16,14 @@ Installs the Istio control plane
 
 ## Requirements
 
-Kubernetes: `>= 1.25.0`
+Kubernetes: `>= 1.26.0`
 
 | Repository | Name | Version |
 |------------|------|---------|
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
-| https://istio-release.storage.googleapis.com/charts | base | 1.17.2 |
-| https://istio-release.storage.googleapis.com/charts | istiod | 1.17.2 |
-| https://kiali.org/helm-charts | kiali-server | 1.66.0 |
+| https://istio-release.storage.googleapis.com/charts | base | 1.18.2 |
+| https://istio-release.storage.googleapis.com/charts | istiod | 1.18.2 |
+| https://kiali.org/helm-charts | kiali-server | 1.72.0 |
 
 ## Values
 

charts/kubezero-istio/dashboards.yaml

@@ -1,22 +1,22 @@
-# Revision 162 = 1.17
+# https://grafana.com/grafana/dashboards/7645-istio-control-plane-dashboard/?tab=revisions
 configmap: grafana-dashboards
 gzip: true
 folder: Istio
 condition: '.Values.istiod.telemetry.enabled'
 dashboards:
 - name: istio-control-plane
-  url: https://grafana.com/api/dashboards/7645/revisions/162/download
+  url: https://grafana.com/api/dashboards/7645/revisions/174/download
   tags:
   - Istio
 - name: istio-mesh
-  url: https://grafana.com/api/dashboards/7639/revisions/162/download
+  url: https://grafana.com/api/dashboards/7639/revisions/174/download
   tags:
   - Istio
 - name: istio-service
-  url: https://grafana.com/api/dashboards/7636/revisions/162/download
+  url: https://grafana.com/api/dashboards/7636/revisions/174/download
   tags:
   - Istio
 - name: istio-workload
-  url: https://grafana.com/api/dashboards/7630/revisions/162/download
+  url: https://grafana.com/api/dashboards/7630/revisions/174/download
   tags:
   - Istio

charts/kubezero-istio/update.sh

@@ -1,11 +1,14 @@
 #!/bin/bash
 set -ex
 
+. ../../scripts/lib-update.sh
+
+#login_ecr_public
+update_helm
+
 export ISTIO_VERSION=$(yq eval '.dependencies[] | select(.name=="base") | .version' Chart.yaml)
 export KIALI_VERSION=$(yq eval '.dependencies[] | select(.name=="kiali-server") | .version' Chart.yaml)
 
-helm dep update
-
 # Get matching istioctl
 # [ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
 

charts/kubezero/templates/istio-ingress.yaml

@@ -5,6 +5,10 @@ gateway:
 
   {{- with index .Values "istio-ingress" "gateway" "replicaCount" }}
   replicaCount: {{ . }}
+  {{- if gt (int .) 1 }}
+  podDisruptionBudget:
+    minAvailable: 1
+  {{- end }}
   {{- end }}
 
   {{- if not (index .Values "istio-ingress" "gateway" "affinity") }}

charts/kubezero/templates/istio-private-ingress.yaml

@@ -5,6 +5,10 @@ gateway:
 
   {{- with index .Values "istio-private-ingress" "gateway" "replicaCount" }}
   replicaCount: {{ . }}
+  {{- if gt (int .) 1 }}
+  podDisruptionBudget:
+    minAvailable: 1
+  {{- end }}
   {{- end }}
 
   {{- if not (index .Values "istio-private-ingress" "gateway" "affinity") }}

charts/kubezero/values.yaml

@@ -59,13 +59,13 @@ storage:
 istio:
   enabled: false
   namespace: istio-system
-  targetRevision: 0.10.0
+  targetRevision: 0.18.2
 
 istio-ingress:
   enabled: false
   chart: kubezero-istio-gateway
   namespace: istio-ingress
-  targetRevision: 0.10.0
+  targetRevision: 0.18.2
   gateway:
     service: {}
 
@@ -73,7 +73,7 @@ istio-private-ingress:
   enabled: false
   chart: kubezero-istio-gateway
   namespace: istio-ingress
-  targetRevision: 0.10.0
+  targetRevision: 0.18.2
   gateway:
     service: {}