From 55b92dfb88c04dc8017a7eb6e106001783786c75 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Tue, 7 Sep 2021 12:38:14 +0200 Subject: [PATCH] feat: upgrade Istio to 1.11.2, fix for TCP keepalive filter --- charts/kubezero-istio-ingress/Chart.yaml | 8 ++-- .../charts/istio-ingress/Chart.yaml | 2 +- .../charts/istio-ingress/values.yaml | 2 +- .../charts/istio-private-ingress/Chart.yaml | 2 +- .../charts/istio-private-ingress/values.yaml | 2 +- .../templates/envoyfilter-keepalive-nlb.yaml | 46 ++++++++----------- charts/kubezero-istio/Chart.yaml | 8 ++-- charts/kubezero-istio/charts/base/Chart.yaml | 2 +- .../charts/istio-discovery/Chart.yaml | 2 +- .../charts/istio-discovery/values.yaml | 2 +- charts/kubezero-istio/update.sh | 2 +- charts/kubezero/Chart.yaml | 2 +- charts/kubezero/values.yaml | 6 +-- 13 files changed, 38 insertions(+), 48 deletions(-) diff --git a/charts/kubezero-istio-ingress/Chart.yaml b/charts/kubezero-istio-ingress/Chart.yaml index fffa9b1..24709eb 100644 --- a/charts/kubezero-istio-ingress/Chart.yaml +++ b/charts/kubezero-istio-ingress/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: kubezero-istio-ingress description: KubeZero Umbrella Chart for Istio based Ingress type: application -version: 0.7.3 -appVersion: 1.11.1 +version: 0.7.4 +appVersion: 1.11.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -16,9 +16,9 @@ dependencies: version: ">= 0.1.4" repository: https://zero-down-time.github.io/kubezero/ - name: istio-ingress - version: 1.11.1 + version: 1.11.2 condition: istio-ingress.enabled - name: istio-private-ingress - version: 1.11.1 + version: 1.11.2 condition: istio-private-ingress.enabled kubeVersion: ">= 1.18.0" diff --git a/charts/kubezero-istio-ingress/charts/istio-ingress/Chart.yaml b/charts/kubezero-istio-ingress/charts/istio-ingress/Chart.yaml index ea2d15d..524641c 100644 --- a/charts/kubezero-istio-ingress/charts/istio-ingress/Chart.yaml +++ b/charts/kubezero-istio-ingress/charts/istio-ingress/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: istio-ingress -version: 1.11.1 +version: 1.11.2 tillerVersion: ">=2.7.2" description: Helm chart for deploying Istio gateways keywords: diff --git a/charts/kubezero-istio-ingress/charts/istio-ingress/values.yaml b/charts/kubezero-istio-ingress/charts/istio-ingress/values.yaml index e6bbfbb..b0c3a54 100644 --- a/charts/kubezero-istio-ingress/charts/istio-ingress/values.yaml +++ b/charts/kubezero-istio-ingress/charts/istio-ingress/values.yaml @@ -165,7 +165,7 @@ global: hub: docker.io/istio # Default tag for Istio images. - tag: 1.11.1 + tag: 1.11.2 # Specify image pull policy if default behavior isn't desired. # Default behavior: latest images will be Always else IfNotPresent. diff --git a/charts/kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml b/charts/kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml index 2f186fc..af29031 100644 --- a/charts/kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml +++ b/charts/kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: istio-private-ingress -version: 1.11.1 +version: 1.11.2 tillerVersion: ">=2.7.2" description: Helm chart for deploying Istio gateways keywords: diff --git a/charts/kubezero-istio-ingress/charts/istio-private-ingress/values.yaml b/charts/kubezero-istio-ingress/charts/istio-private-ingress/values.yaml index e6bbfbb..b0c3a54 100644 --- a/charts/kubezero-istio-ingress/charts/istio-private-ingress/values.yaml +++ b/charts/kubezero-istio-ingress/charts/istio-private-ingress/values.yaml @@ -165,7 +165,7 @@ global: hub: docker.io/istio # Default tag for Istio images. - tag: 1.11.1 + tag: 1.11.2 # Specify image pull policy if default behavior isn't desired. # Default behavior: latest images will be Always else IfNotPresent. diff --git a/charts/kubezero-istio-ingress/templates/envoyfilter-keepalive-nlb.yaml b/charts/kubezero-istio-ingress/templates/envoyfilter-keepalive-nlb.yaml index 6f05a12..abb21c3 100644 --- a/charts/kubezero-istio-ingress/templates/envoyfilter-keepalive-nlb.yaml +++ b/charts/kubezero-istio-ingress/templates/envoyfilter-keepalive-nlb.yaml @@ -16,23 +16,18 @@ spec: operation: MERGE value: socket_options: - # SOL_SOCKET = 1 - # SO_KEEPALIVE = 9 - - level: 1 - name: 9 + - level: 1 # SOL_SOCKET = 1 + name: 9 # SO_KEEPALIVE = 9 int_value: 1 - state: STATE_LISTENING - # IPPROTO_TCP = 6 - # TCP_KEEPIDLE = 4 - - level: 6 - name: 4 + state: STATE_PREBIND + - level: 6 # IPPROTO_TCP = 6 + name: 4 # TCP_KEEPIDLE = 4 int_value: 120 - state: STATE_LISTENING - # TCP_KEEPINTVL = 5 - - level: 6 - name: 5 + state: STATE_PREBIND + - level: 6 # IPPROTO_TCP = 6 + name: 5 # TCP_KEEPINTVL = 5 int_value: 60 - state: STATE_LISTENING + state: STATE_PREBIND {{- end }} {{- if index .Values "istio-private-ingress" "enabled" }} @@ -54,21 +49,16 @@ spec: operation: MERGE value: socket_options: - # SOL_SOCKET = 1 - # SO_KEEPALIVE = 9 - - level: 1 - name: 9 + - level: 1 # SOL_SOCKET = 1 + name: 9 # SO_KEEPALIVE = 9 int_value: 1 - state: STATE_LISTENING - # IPPROTO_TCP = 6 - # TCP_KEEPIDLE = 4 - - level: 6 - name: 4 + state: STATE_PREBIND + - level: 6 # IPPROTO_TCP = 6 + name: 4 # TCP_KEEPIDLE = 4 int_value: 120 - state: STATE_LISTENING - # TCP_KEEPINTVL = 5 - - level: 6 - name: 5 + state: STATE_PREBIND + - level: 6 # IPPROTO_TCP = 6 + name: 5 # TCP_KEEPINTVL = 5 int_value: 60 - state: STATE_LISTENING + state: STATE_PREBIND {{- end }} diff --git a/charts/kubezero-istio/Chart.yaml b/charts/kubezero-istio/Chart.yaml index c011086..2db3b8a 100644 --- a/charts/kubezero-istio/Chart.yaml +++ b/charts/kubezero-istio/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: kubezero-istio description: KubeZero Umbrella Chart for Istio type: application -version: 0.7.3 -appVersion: 1.11.1 +version: 0.7.4 +appVersion: 1.11.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -16,9 +16,9 @@ dependencies: version: ">= 0.1.4" repository: https://zero-down-time.github.io/kubezero/ - name: base - version: 1.11.1 + version: 1.11.2 - name: istio-discovery - version: 1.11.1 + version: 1.11.2 - name: kiali-server version: 1.38.1 # repository: https://github.com/kiali/helm-charts/tree/master/docs diff --git a/charts/kubezero-istio/charts/base/Chart.yaml b/charts/kubezero-istio/charts/base/Chart.yaml index e6d62f7..c80388f 100644 --- a/charts/kubezero-istio/charts/base/Chart.yaml +++ b/charts/kubezero-istio/charts/base/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: base -version: 1.11.1 +version: 1.11.2 tillerVersion: ">=2.7.2" description: Helm chart for deploying Istio cluster resources and CRDs keywords: diff --git a/charts/kubezero-istio/charts/istio-discovery/Chart.yaml b/charts/kubezero-istio/charts/istio-discovery/Chart.yaml index 1fe2964..50a938e 100644 --- a/charts/kubezero-istio/charts/istio-discovery/Chart.yaml +++ b/charts/kubezero-istio/charts/istio-discovery/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: istio-discovery -version: 1.11.1 +version: 1.11.2 tillerVersion: ">=2.7.2" description: Helm chart for istio control plane keywords: diff --git a/charts/kubezero-istio/charts/istio-discovery/values.yaml b/charts/kubezero-istio/charts/istio-discovery/values.yaml index 1e8b4cf..f632c5b 100644 --- a/charts/kubezero-istio/charts/istio-discovery/values.yaml +++ b/charts/kubezero-istio/charts/istio-discovery/values.yaml @@ -239,7 +239,7 @@ global: # Dev builds from prow are on gcr.io hub: docker.io/istio # Default tag for Istio images. - tag: 1.11.1 + tag: 1.11.2 # Specify image pull policy if default behavior isn't desired. # Default behavior: latest images will be Always else IfNotPresent. diff --git a/charts/kubezero-istio/update.sh b/charts/kubezero-istio/update.sh index 58e7b06..c1a6348 100755 --- a/charts/kubezero-istio/update.sh +++ b/charts/kubezero-istio/update.sh @@ -4,7 +4,7 @@ set -ex ### TODO # - https://istio.io/latest/docs/ops/configuration/security/harden-docker-images/ -export ISTIO_VERSION=1.11.1 +export ISTIO_VERSION=1.11.2 export KIALI_VERSION=1.38.1 rm -rf istio diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml index 65e4a49..40dbb79 100644 --- a/charts/kubezero/Chart.yaml +++ b/charts/kubezero/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero description: KubeZero - Bootstrap and ArgoCD Root App of Apps chart type: application -version: 1.20.8-8 +version: 1.20.8-9 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 2ca9eb1..b5cb279 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -8,7 +8,7 @@ HighAvailableControlplane: false addons: enabled: false - targetRevision: 0.0.1 + targetRevision: 0.1.0 calico: enabled: false @@ -44,12 +44,12 @@ istio: enabled: false crds: true namespace: istio-system - targetRevision: 0.7.3 + targetRevision: 0.7.4 istio-ingress: enabled: false namespace: istio-ingress - targetRevision: 0.7.2 + targetRevision: 0.7.4 metrics: enabled: false