feat: bump Istio version to 1.11.5m switch to distroless images

2021-12-09 14:23:29 +01:00 · 2021-12-09 14:23:29 +01:00 · ee9f3ab421
parent e8b55e16d6
commit ee9f3ab421
16 changed files with 35 additions and 31 deletions
--- a/charts/kubezero-istio-ingress/Chart.yaml
+++ b/charts/kubezero-istio-ingress/Chart.yaml
@ -2,23 +2,25 @@ apiVersion: v2
 name: kubezero-istio-ingress
 description: KubeZero Umbrella Chart for Istio based Ingress
 type: application
-version: 0.7.5
-appVersion: 1.11.3
+version: 0.7.6
+appVersion: 1.11.5
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
  - kubezero
  - istio
+  - ingress
 maintainers:
-  - name: Quarky9
+  - name: Stefan Reimer
+    email: stefan@zero-downtime.net
 dependencies:
  - name: kubezero-lib
    version: ">= 0.1.4"
    repository: https://cdn.zero-downtime.net/charts/
  - name: istio-ingress
-    version: 1.11.3
+    version: 1.11.5
    condition: istio-ingress.enabled
  - name: istio-private-ingress
-    version: 1.11.3
+    version: 1.11.5
    condition: istio-private-ingress.enabled
-kubeVersion: ">= 1.18.0"
+kubeVersion: ">= 1.20.0"
--- a/charts/kubezero-istio-ingress/charts/istio-ingress/Chart.yaml
+++ b/charts/kubezero-istio-ingress/charts/istio-ingress/Chart.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
 name: istio-ingress
-version: 1.11.3
+version: 1.11.5
 tillerVersion: ">=2.7.2"
 description: Helm chart for deploying Istio gateways
 keywords:
--- a/charts/kubezero-istio-ingress/charts/istio-ingress/values.yaml
+++ b/charts/kubezero-istio-ingress/charts/istio-ingress/values.yaml
@ -169,7 +169,7 @@ global:
  hub: docker.io/istio

  # Default tag for Istio images.
-  tag: 1.11.3
+  tag: 1.11.5

  # Specify image pull policy if default behavior isn't desired.
  # Default behavior: latest images will be Always else IfNotPresent.
--- a/charts/kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml
+++ b/charts/kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
 name: istio-private-ingress
-version: 1.11.3
+version: 1.11.5
 tillerVersion: ">=2.7.2"
 description: Helm chart for deploying Istio gateways
 keywords:
--- a/charts/kubezero-istio-ingress/charts/istio-private-ingress/values.yaml
+++ b/charts/kubezero-istio-ingress/charts/istio-private-ingress/values.yaml
@ -169,7 +169,7 @@ global:
  hub: docker.io/istio

  # Default tag for Istio images.
-  tag: 1.11.3
+  tag: 1.11.5

  # Specify image pull policy if default behavior isn't desired.
  # Default behavior: latest images will be Always else IfNotPresent.
--- a/charts/kubezero-istio-ingress/values.yaml
+++ b/charts/kubezero-istio-ingress/values.yaml
@ -1,7 +1,7 @@
 # Make sure these values match kuberzero-istio !!!
 global:
  #hub: docker.io/istio
-  #tag: 1.11.0
+  tag: 1.11.5-distroless

  logAsJson: true

--- a/charts/kubezero-istio/Chart.yaml
+++ b/charts/kubezero-istio/Chart.yaml
@ -2,25 +2,26 @@ apiVersion: v2
 name: kubezero-istio
 description: KubeZero Umbrella Chart for Istio
 type: application
-version: 0.7.5
-appVersion: 1.11.3
+version: 0.7.6
+appVersion: 1.11.5
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
  - kubezero
  - istio
 maintainers:
-  - name: Quarky9
+  - name: Stefan Reimer
+    email: stefan@zero-downtime.net
 dependencies:
  - name: kubezero-lib
    version: ">= 0.1.4"
    repository: https://cdn.zero-downtime.net/charts/
  - name: base
-    version: 1.11.3
+    version: 1.11.5
  - name: istio-discovery
-    version: 1.11.3
+    version: 1.11.5
  - name: kiali-server
    version: 1.38.1
    # repository: https://github.com/kiali/helm-charts/tree/master/docs
    condition: kiali-server.enabled
-kubeVersion: ">= 1.18.0"
+kubeVersion: ">= 1.20.0"
--- a/charts/kubezero-istio/charts/base/Chart.yaml
+++ b/charts/kubezero-istio/charts/base/Chart.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
 name: base
-version: 1.11.3
+version: 1.11.5
 tillerVersion: ">=2.7.2"
 description: Helm chart for deploying Istio cluster resources and CRDs
 keywords:
--- a/charts/kubezero-istio/charts/istio-discovery/Chart.yaml
+++ b/charts/kubezero-istio/charts/istio-discovery/Chart.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
 name: istio-discovery
-version: 1.11.3
+version: 1.11.5
 tillerVersion: ">=2.7.2"
 description: Helm chart for istio control plane
 keywords:
--- a/charts/kubezero-istio/charts/istio-discovery/templates/deployment.yaml
+++ b/charts/kubezero-istio/charts/istio-discovery/templates/deployment.yaml
@ -54,14 +54,16 @@ spec:
 {{ toYaml .Values.pilot.podAnnotations | indent 8 }}
        {{- end }}
    spec:
+{{- if .Values.pilot.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.pilot.nodeSelector | indent 8 }}
+{{- end }}
      serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
 {{- if .Values.global.priorityClassName }}
      priorityClassName: "{{ .Values.global.priorityClassName }}"
 {{- end }}
      securityContext:
        fsGroup: 1337
-      nodeSelector:
-        node-role.kubernetes.io/control-plane: ""
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
--- a/charts/kubezero-istio/charts/istio-discovery/values.yaml
+++ b/charts/kubezero-istio/charts/istio-discovery/values.yaml
@ -239,7 +239,7 @@ global:
  # Dev builds from prow are on gcr.io
  hub: docker.io/istio
  # Default tag for Istio images.
-  tag: 1.11.3
+  tag: 1.11.5

  # Specify image pull policy if default behavior isn't desired.
  # Default behavior: latest images will be Always else IfNotPresent.
--- a/charts/kubezero-istio/templates/grafana-dashboards.yaml
+++ b/charts/kubezero-istio/templates/grafana-dashboards.yaml
@ -6,7 +6,7 @@ metadata:
  namespace: {{ .Release.Namespace }}
  labels:
    grafana_dashboard: "1"
-{{ include "kubezero-lib.labels" . | indent 4 }}
+    {{- include "kubezero-lib.labels" . | nindent 4 }}
  annotations:
    k8s-sidecar-target-directory: Istio
 binaryData:
--- a/charts/kubezero-istio/values.yaml
+++ b/charts/kubezero-istio/values.yaml
@ -1,6 +1,6 @@
 global:
  # hub: docker.io/istio
-  # tag: 1.11.0
+  tag: 1.11.5-distroless

  logAsJson: true

@ -14,9 +14,10 @@ istio-discovery:
    autoscaleEnabled: false
    replicaCount: 1

-    # Not implemented, monkey patched in the chart itself
    nodeSelector:
      node-role.kubernetes.io/control-plane: ""
+
+    # Not implemented, monkey patched in the chart itself
    tolerations:
    - effect: NoSchedule
      key: node-role.kubernetes.io/master
--- a/charts/kubezero-istio/zdt.patch
+++ b/charts/kubezero-istio/zdt.patch
@ -68,12 +68,10 @@ diff -tubr istio/manifests/charts/gateways/istio-ingress/templates/service.yaml
 diff -tubr istio/manifests/charts/istio-control/istio-discovery/templates/deployment.yaml istio.zdt/manifests/charts/istio-control/istio-discovery/templates/deployment.yaml
 --- istio/manifests/charts/istio-control/istio-discovery/templates/deployment.yaml	2021-07-15 07:32:30.000000000 +0200
 +++ istio.zdt/manifests/charts/istio-control/istio-discovery/templates/deployment.yaml	2021-08-10 15:46:23.216421660 +0200
-@@ -60,6 +60,11 @@
+@@ -60,6 +60,9 @@
 {{- end }}
       securityContext:
         fsGroup: 1337
-+      nodeSelector:
-+        node-role.kubernetes.io/control-plane: ""
 +      tolerations:
 +      - effect: NoSchedule
 +        key: node-role.kubernetes.io/master
--- a/charts/kubezero/Chart.yaml
+++ b/charts/kubezero/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero
 description: KubeZero - Root App of Apps chart
 type: application
-version: 1.21.7-7
+version: 1.21.7-8
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
--- a/charts/kubezero/values.yaml
+++ b/charts/kubezero/values.yaml
@ -32,12 +32,12 @@ storage:
 istio:
  enabled: false
  namespace: istio-system
-  targetRevision: 0.7.5
+  targetRevision: 0.7.6

 istio-ingress:
  enabled: false
  namespace: istio-ingress
-  targetRevision: 0.7.5
+  targetRevision: 0.7.6

 metrics:
  enabled: false