From a3cf28cb210e0a306ad8b8a8f9f0672ac304b17b Mon Sep 17 00:00:00 2001 From: Caleb Bron Date: Wed, 22 Jan 2020 15:50:37 -0700 Subject: [PATCH] Istio 1.4.300 I know, the version looks wierd. But we needed to version our chart without making it terribly confusing for end users and also sticking to semver. --- charts/rancher-istio/1.4.3/questions.yaml | 1 + charts/rancher-istio/1.4.300/Chart.yaml | 2 +- .../certmanager/templates/deployment.yaml | 6 +- .../1.4.300/charts/certmanager/values.yaml | 3 - .../charts/galley/templates/deployment.yaml | 6 +- .../1.4.300/charts/galley/values.yaml | 1 - .../charts/gateways/templates/deployment.yaml | 14 +--- .../1.4.300/charts/gateways/values.yaml | 1 - .../create-custom-resources-job.yaml | 2 +- .../charts/grafana/templates/deployment.yaml | 2 +- .../tests/test-grafana-connection.yaml | 2 +- .../1.4.300/charts/grafana/values.yaml | 3 - .../istiocoredns/templates/configmap.yaml | 2 +- .../istiocoredns/templates/deployment.yaml | 4 +- .../1.4.300/charts/istiocoredns/values.yaml | 3 - .../charts/kiali/templates/deployment.yaml | 2 +- .../tests/test-kiali-connection.yaml | 2 +- .../1.4.300/charts/kiali/values.yaml | 3 - .../charts/mixer/templates/deployment.yaml | 24 ++----- .../1.4.300/charts/mixer/values.yaml | 1 - .../charts/nodeagent/templates/daemonset.yaml | 6 +- .../1.4.300/charts/nodeagent/values.yaml | 1 - .../charts/pilot/templates/deployment.yaml | 12 +--- .../1.4.300/charts/pilot/values.yaml | 1 - .../prometheus/templates/deployment.yaml | 2 +- .../tests/test-prometheus-connection.yaml | 2 +- .../1.4.300/charts/prometheus/values.yaml | 3 - .../create-custom-resources-job.yaml | 2 +- .../charts/security/templates/deployment.yaml | 6 +- .../tests/test-citadel-connection.yaml | 2 +- .../1.4.300/charts/security/values.yaml | 1 - .../templates/deployment.yaml | 6 +- .../charts/sidecarInjectorWebhook/values.yaml | 1 - .../tracing/templates/deployment-jaeger.yaml | 2 +- .../tracing/templates/deployment-zipkin.yaml | 2 +- .../tests/test-tracing-connection.yaml | 2 +- .../1.4.300/charts/tracing/values.yaml | 6 -- .../values-istio-example-sds-vault.yaml | 3 +- .../example-values/values-istio-googleca.yaml | 3 +- .../1.4.300/files/injection-template.yaml | 22 +++--- charts/rancher-istio/1.4.300/questions.yaml | 2 +- .../1.4.300/templates/_helpers.tpl | 9 +++ .../test-values/values-istio-auth-sds.yaml | 3 +- ...-sds-auth-control-plane-auth-disabled.yaml | 3 +- .../1.4.300/values-istio-sds-auth.yaml | 3 +- charts/rancher-istio/1.4.300/values.yaml | 70 ++++++++++++++----- 46 files changed, 120 insertions(+), 139 deletions(-) diff --git a/charts/rancher-istio/1.4.3/questions.yaml b/charts/rancher-istio/1.4.3/questions.yaml index 756de1b..777cbf9 100644 --- a/charts/rancher-istio/1.4.3/questions.yaml +++ b/charts/rancher-istio/1.4.3/questions.yaml @@ -1,3 +1,4 @@ labels: rancher.istio.v1.4.3: 1.4.3 rancher_min_version: 2.3.4-rc1 +rancher_max_version: 2.3.4-rc1 diff --git a/charts/rancher-istio/1.4.300/Chart.yaml b/charts/rancher-istio/1.4.300/Chart.yaml index e5bb5c0..33a22c3 100755 --- a/charts/rancher-istio/1.4.300/Chart.yaml +++ b/charts/rancher-istio/1.4.300/Chart.yaml @@ -14,4 +14,4 @@ name: rancher-istio sources: - http://github.com/istio/istio tillerVersion: '>=2.7.2-0' -version: 1.4.3 +version: 1.4.300 diff --git a/charts/rancher-istio/1.4.300/charts/certmanager/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/certmanager/templates/deployment.yaml index 48e4731..4c72736 100755 --- a/charts/rancher-istio/1.4.300/charts/certmanager/templates/deployment.yaml +++ b/charts/rancher-istio/1.4.300/charts/certmanager/templates/deployment.yaml @@ -35,7 +35,11 @@ spec: {{- end }} containers: - name: certmanager - image: "{{ .Values.hub }}/{{ .Values.image }}:{{ .Values.tag }}" + {{- if .Values.global.systemDefaultRegistry }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- else }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy }} args: - --cluster-resource-namespace=$(POD_NAMESPACE) diff --git a/charts/rancher-istio/1.4.300/charts/certmanager/values.yaml b/charts/rancher-istio/1.4.300/charts/certmanager/values.yaml index 01e565c..2d68541 100755 --- a/charts/rancher-istio/1.4.300/charts/certmanager/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/certmanager/values.yaml @@ -5,9 +5,6 @@ # restart, DestinationRules can be created using the ACME-signed certificates. enabled: false replicaCount: 1 -hub: quay.io/jetstack -image: cert-manager-controller -tag: v0.8.1 resources: {} nodeSelector: {} tolerations: [] diff --git a/charts/rancher-istio/1.4.300/charts/galley/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/galley/templates/deployment.yaml index 9422686..458d983 100755 --- a/charts/rancher-istio/1.4.300/charts/galley/templates/deployment.yaml +++ b/charts/rancher-istio/1.4.300/charts/galley/templates/deployment.yaml @@ -38,11 +38,7 @@ spec: {{- end }} containers: - name: galley -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}" -{{- end }} + image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} ports: - containerPort: 443 diff --git a/charts/rancher-istio/1.4.300/charts/galley/values.yaml b/charts/rancher-istio/1.4.300/charts/galley/values.yaml index 1dc415a..68eff96 100755 --- a/charts/rancher-istio/1.4.300/charts/galley/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/galley/values.yaml @@ -5,7 +5,6 @@ enabled: true replicaCount: 1 rollingMaxSurge: 100% rollingMaxUnavailable: 25% -image: galley nodeSelector: {} tolerations: [] podAnnotations: {} diff --git a/charts/rancher-istio/1.4.300/charts/gateways/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/gateways/templates/deployment.yaml index ca7eb16..6c1419b 100755 --- a/charts/rancher-istio/1.4.300/charts/gateways/templates/deployment.yaml +++ b/charts/rancher-istio/1.4.300/charts/gateways/templates/deployment.yaml @@ -44,7 +44,7 @@ spec: {{- if $.Values.global.proxy.enableCoreDump }} initContainers: - name: enable-core-dump - image: {{ $.Values.global.proxy.enableCoreDumpImage }} + image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}" imagePullPolicy: {{ $.Values.global.imagePullPolicy }} command: - /bin/sh @@ -58,11 +58,7 @@ spec: {{- if $spec.sds }} {{- if $spec.sds.enabled }} - name: ingress-sds -{{- if contains "/" $spec.sds.image }} - image: "{{ $spec.sds.image }}" -{{- else }} - image: "{{ $.Values.global.hub }}/{{ $spec.sds.image }}:{{ $.Values.global.tag }}" -{{- end }} + image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" imagePullPolicy: {{ $.Values.global.imagePullPolicy }} resources: {{- if $spec.sds.resources }} @@ -86,11 +82,7 @@ spec: {{- end }} {{- end }} - name: istio-proxy -{{- if contains "/" $.Values.global.proxy.image }} - image: "{{ $.Values.global.proxy.image }}" -{{- else }} - image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}" -{{- end }} + image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" imagePullPolicy: {{ $.Values.global.imagePullPolicy }} ports: {{- range $key, $val := $spec.ports }} diff --git a/charts/rancher-istio/1.4.300/charts/gateways/values.yaml b/charts/rancher-istio/1.4.300/charts/gateways/values.yaml index 2dc682a..23a1679 100755 --- a/charts/rancher-istio/1.4.300/charts/gateways/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/gateways/values.yaml @@ -17,7 +17,6 @@ istio-ingressgateway: enabled: false # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. # This server runs in the same pod as ingress gateway. - image: node-agent-k8s resources: requests: cpu: 100m diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/create-custom-resources-job.yaml index 0a4a9e5..d699709 100755 --- a/charts/rancher-istio/1.4.300/charts/grafana/templates/create-custom-resources-job.yaml +++ b/charts/rancher-istio/1.4.300/charts/grafana/templates/create-custom-resources-job.yaml @@ -81,7 +81,7 @@ spec: serviceAccountName: istio-grafana-post-install-account containers: - name: kubectl - image: "{{ .Values.global.hub }}/kubectl:{{ .Values.global.tag }}" + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ] volumeMounts: - mountPath: "/tmp/grafana" diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/deployment.yaml index ba3037e..9ad2a7f 100755 --- a/charts/rancher-istio/1.4.300/charts/grafana/templates/deployment.yaml +++ b/charts/rancher-istio/1.4.300/charts/grafana/templates/deployment.yaml @@ -38,7 +38,7 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} ports: - containerPort: 3000 diff --git a/charts/rancher-istio/1.4.300/charts/grafana/templates/tests/test-grafana-connection.yaml b/charts/rancher-istio/1.4.300/charts/grafana/templates/tests/test-grafana-connection.yaml index e9268c4..7c8d194 100755 --- a/charts/rancher-istio/1.4.300/charts/grafana/templates/tests/test-grafana-connection.yaml +++ b/charts/rancher-istio/1.4.300/charts/grafana/templates/tests/test-grafana-connection.yaml @@ -19,7 +19,7 @@ spec: {{- end }} containers: - name: "{{ template "grafana.fullname" . }}-test" - image: pstauffer/curl:v1.0.3 + image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" command: ['curl'] args: ['http://grafana:{{ .Values.grafana.service.externalPort }}'] diff --git a/charts/rancher-istio/1.4.300/charts/grafana/values.yaml b/charts/rancher-istio/1.4.300/charts/grafana/values.yaml index 2c272bf..7b977c1 100755 --- a/charts/rancher-istio/1.4.300/charts/grafana/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/grafana/values.yaml @@ -3,9 +3,6 @@ # enabled: false replicaCount: 1 -image: - repository: grafana/grafana - tag: 6.4.3 ingress: enabled: false ## Used to create an Ingress record. diff --git a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/configmap.yaml b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/configmap.yaml index 925626f..4b2a2d4 100755 --- a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/configmap.yaml +++ b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/configmap.yaml @@ -13,7 +13,7 @@ data: .:53 { errors health - {{ if eq -1 (semver .Values.coreDNSTag | (semver "1.4.0").Compare) }} + {{ if eq -1 (semver .Values.image.tag | (semver "1.4.0").Compare) }} # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/ grpc global 127.0.0.1:8053 forward . /etc/resolv.conf { diff --git a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/deployment.yaml index d5e0879..4af0a22 100755 --- a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/deployment.yaml +++ b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: {{- end }} containers: - name: coredns - image: {{ .Values.coreDNSImage }}:{{ .Values.coreDNSTag }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} args: [ "-conf", "/etc/coredns/Corefile" ] volumeMounts: @@ -71,7 +71,7 @@ spec: - name: istio-coredns-plugin command: - /usr/local/bin/plugin - image: {{ .Values.coreDNSPluginImage }} + image: "{{ template "system_default_registry" . }}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} ports: - containerPort: 8053 diff --git a/charts/rancher-istio/1.4.300/charts/istiocoredns/values.yaml b/charts/rancher-istio/1.4.300/charts/istiocoredns/values.yaml index 6b31219..f2268c0 100755 --- a/charts/rancher-istio/1.4.300/charts/istiocoredns/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/istiocoredns/values.yaml @@ -5,12 +5,9 @@ enabled: false replicaCount: 1 rollingMaxSurge: 100% rollingMaxUnavailable: 25% -coreDNSImage: coredns/coredns -coreDNSTag: 1.6.2 # Source code for the plugin can be found at # https://github.com/istio-ecosystem/istio-coredns-plugin # The plugin listens for DNS requests from coredns server at 127.0.0.1:8053 -coreDNSPluginImage: istio/coredns-plugin:0.2-istio-1.1 nodeSelector: {} tolerations: [] podAnnotations: {} diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/kiali/templates/deployment.yaml index 49a7315..d0624ef 100755 --- a/charts/rancher-istio/1.4.300/charts/kiali/templates/deployment.yaml +++ b/charts/rancher-istio/1.4.300/charts/kiali/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: priorityClassName: "{{ .Values.global.priorityClassName }}" {{- end }} containers: - - image: "{{ .Values.hub }}/{{ .Values.image }}:{{ .Values.tag }}" + - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} name: kiali command: diff --git a/charts/rancher-istio/1.4.300/charts/kiali/templates/tests/test-kiali-connection.yaml b/charts/rancher-istio/1.4.300/charts/kiali/templates/tests/test-kiali-connection.yaml index d798f7f..e2a1ff6 100755 --- a/charts/rancher-istio/1.4.300/charts/kiali/templates/tests/test-kiali-connection.yaml +++ b/charts/rancher-istio/1.4.300/charts/kiali/templates/tests/test-kiali-connection.yaml @@ -19,7 +19,7 @@ spec: {{- end }} containers: - name: "{{ template "kiali.fullname" . }}-test" - image: pstauffer/curl:v1.0.3 + image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" command: ['curl'] args: ['http://kiali:20001'] diff --git a/charts/rancher-istio/1.4.300/charts/kiali/values.yaml b/charts/rancher-istio/1.4.300/charts/kiali/values.yaml index f9d2525..c22d432 100755 --- a/charts/rancher-istio/1.4.300/charts/kiali/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/kiali/values.yaml @@ -3,9 +3,6 @@ # enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`. replicaCount: 1 -hub: quay.io/kiali -image: kiali -tag: v1.9 contextPath: /kiali # The root context path to access the Kiali UI. nodeSelector: {} tolerations: [] diff --git a/charts/rancher-istio/1.4.300/charts/mixer/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/mixer/templates/deployment.yaml index 3a85cf3..60bba11 100755 --- a/charts/rancher-istio/1.4.300/charts/mixer/templates/deployment.yaml +++ b/charts/rancher-istio/1.4.300/charts/mixer/templates/deployment.yaml @@ -39,11 +39,7 @@ {{- end }} containers: - name: mixer -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ $.Values.global.hub }}/{{ $.Values.image }}:{{ $.Values.global.tag }}" -{{- end }} + image: "{{ template "system_default_registry" . }}{{ $.Values.repository }}:{{ $.Values.tag }}" imagePullPolicy: {{ $.Values.global.imagePullPolicy }} ports: - containerPort: {{ .Values.global.monitoringPort }} @@ -111,11 +107,7 @@ initialDelaySeconds: 5 periodSeconds: 5 - name: istio-proxy -{{- if contains "/" $.Values.global.proxy.image }} - image: "{{ $.Values.global.proxy.image }}" -{{- else }} - image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}" -{{- end }} + image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" imagePullPolicy: {{ $.Values.global.imagePullPolicy }} ports: - containerPort: 9091 @@ -233,11 +225,7 @@ {{- end }} containers: - name: mixer -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ $.Values.global.hub }}/{{ $.Values.image }}:{{ $.Values.global.tag }}" -{{- end }} + image: "{{ template "system_default_registry" . }}{{ $.Values.repository }}:{{ $.Values.tag }}" imagePullPolicy: {{ $.Values.global.imagePullPolicy }} ports: - containerPort: {{ .Values.global.monitoringPort }} @@ -314,11 +302,7 @@ initialDelaySeconds: 5 periodSeconds: 5 - name: istio-proxy -{{- if contains "/" $.Values.global.proxy.image }} - image: "{{ $.Values.global.proxy.image }}" -{{- else }} - image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}" -{{- end }} + image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}" imagePullPolicy: {{ $.Values.global.imagePullPolicy }} ports: - containerPort: 9091 diff --git a/charts/rancher-istio/1.4.300/charts/mixer/values.yaml b/charts/rancher-istio/1.4.300/charts/mixer/values.yaml index d335c36..6a56f37 100755 --- a/charts/rancher-istio/1.4.300/charts/mixer/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/mixer/values.yaml @@ -1,7 +1,6 @@ # # mixer configuration # -image: mixer env: # max procs should be ceil(cpu limit + 1) diff --git a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/daemonset.yaml b/charts/rancher-istio/1.4.300/charts/nodeagent/templates/daemonset.yaml index 58f1efb..a4d2463 100755 --- a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/daemonset.yaml +++ b/charts/rancher-istio/1.4.300/charts/nodeagent/templates/daemonset.yaml @@ -30,11 +30,7 @@ spec: {{- end }} containers: - name: nodeagent -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}" -{{- end }} + image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} volumeMounts: - mountPath: /var/run/sds diff --git a/charts/rancher-istio/1.4.300/charts/nodeagent/values.yaml b/charts/rancher-istio/1.4.300/charts/nodeagent/values.yaml index 76c5503..9138c46 100755 --- a/charts/rancher-istio/1.4.300/charts/nodeagent/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/nodeagent/values.yaml @@ -2,7 +2,6 @@ # nodeagent configuration # enabled: false -image: node-agent-k8s env: # name of authentication provider. CA_PROVIDER: "" diff --git a/charts/rancher-istio/1.4.300/charts/pilot/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/pilot/templates/deployment.yaml index 093bc06..7e7cd2b 100755 --- a/charts/rancher-istio/1.4.300/charts/pilot/templates/deployment.yaml +++ b/charts/rancher-istio/1.4.300/charts/pilot/templates/deployment.yaml @@ -45,11 +45,7 @@ spec: {{- end }} containers: - name: discovery -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}" -{{- end }} + image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} args: - "discovery" @@ -131,11 +127,7 @@ spec: {{- end }} {{- if .Values.sidecar }} - name: istio-proxy -{{- if contains "/" .Values.global.proxy.image }} - image: "{{ .Values.global.proxy.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" -{{- end }} + image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} ports: - containerPort: 15003 diff --git a/charts/rancher-istio/1.4.300/charts/pilot/values.yaml b/charts/rancher-istio/1.4.300/charts/pilot/values.yaml index 0d37ec5..84c90d9 100755 --- a/charts/rancher-istio/1.4.300/charts/pilot/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/pilot/values.yaml @@ -9,7 +9,6 @@ autoscaleMax: 5 # replicaCount: 1 rollingMaxSurge: 100% rollingMaxUnavailable: 25% -image: pilot sidecar: true traceSampling: 1.0 # if protocol sniffing is enabled for outbound diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/templates/deployment.yaml index 64214e0..1033a2f 100755 --- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/deployment.yaml +++ b/charts/rancher-istio/1.4.300/charts/prometheus/templates/deployment.yaml @@ -30,7 +30,7 @@ spec: {{- end }} containers: - name: prometheus - image: "{{ .Values.hub }}/{{ .Values.image }}:{{ .Values.tag }}" + image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} args: - '--storage.tsdb.retention={{ .Values.retention }}' diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/templates/tests/test-prometheus-connection.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/templates/tests/test-prometheus-connection.yaml index 45b025e..c36ce3f 100755 --- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/tests/test-prometheus-connection.yaml +++ b/charts/rancher-istio/1.4.300/charts/prometheus/templates/tests/test-prometheus-connection.yaml @@ -19,7 +19,7 @@ spec: {{- end }} containers: - name: "{{ template "prometheus.fullname" . }}-test" - image: pstauffer/curl:v1.0.3 + image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }} imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1'] restartPolicy: Never diff --git a/charts/rancher-istio/1.4.300/charts/prometheus/values.yaml b/charts/rancher-istio/1.4.300/charts/prometheus/values.yaml index 76bda84..4edb9bc 100755 --- a/charts/rancher-istio/1.4.300/charts/prometheus/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/prometheus/values.yaml @@ -3,9 +3,6 @@ # enabled: true replicaCount: 1 -hub: docker.io/prom -image: prometheus -tag: v2.12.0 retention: 6h nodeSelector: {} tolerations: [] diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/create-custom-resources-job.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/create-custom-resources-job.yaml index d1b9da7..4674cf1 100755 --- a/charts/rancher-istio/1.4.300/charts/security/templates/create-custom-resources-job.yaml +++ b/charts/rancher-istio/1.4.300/charts/security/templates/create-custom-resources-job.yaml @@ -85,7 +85,7 @@ spec: serviceAccountName: istio-security-post-install-account containers: - name: kubectl - image: "{{ .Values.global.hub }}/istio-kubectl:{{ .Values.global.tag }}" + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" imagePullPolicy: IfNotPresent command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ] volumeMounts: diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/deployment.yaml index 2b3c8fe..81d0c6b 100755 --- a/charts/rancher-istio/1.4.300/charts/security/templates/deployment.yaml +++ b/charts/rancher-istio/1.4.300/charts/security/templates/deployment.yaml @@ -39,11 +39,7 @@ spec: {{- end }} containers: - name: citadel -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}" -{{- end }} + image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} args: {{- if .Values.global.sds.enabled }} diff --git a/charts/rancher-istio/1.4.300/charts/security/templates/tests/test-citadel-connection.yaml b/charts/rancher-istio/1.4.300/charts/security/templates/tests/test-citadel-connection.yaml index 6fc742a..481b486 100755 --- a/charts/rancher-istio/1.4.300/charts/security/templates/tests/test-citadel-connection.yaml +++ b/charts/rancher-istio/1.4.300/charts/security/templates/tests/test-citadel-connection.yaml @@ -19,7 +19,7 @@ spec: {{- end }} containers: - name: "{{ template "security.fullname" . }}-test" - image: pstauffer/curl:v1.0.3 + image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1'] restartPolicy: Never diff --git a/charts/rancher-istio/1.4.300/charts/security/values.yaml b/charts/rancher-istio/1.4.300/charts/security/values.yaml index ee16f2c..ba92eea 100755 --- a/charts/rancher-istio/1.4.300/charts/security/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/security/values.yaml @@ -5,7 +5,6 @@ enabled: true replicaCount: 1 rollingMaxSurge: 100% rollingMaxUnavailable: 25% -image: citadel selfSigned: true # indicate if self-signed CA is used. createMeshPolicy: true nodeSelector: {} diff --git a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/deployment.yaml b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/deployment.yaml index 6986ce6..95a2ea8 100755 --- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/deployment.yaml +++ b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/deployment.yaml @@ -38,11 +38,7 @@ spec: {{- end }} containers: - name: sidecar-injector-webhook -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}" -{{- end }} + image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} args: - --caCertFile=/etc/istio/certs/root-cert.pem diff --git a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/values.yaml b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/values.yaml index 84cbb74..ec64f8e 100755 --- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/values.yaml @@ -5,7 +5,6 @@ enabled: true replicaCount: 1 rollingMaxSurge: 100% rollingMaxUnavailable: 25% -image: sidecar_injector enableNamespacesByDefault: false nodeSelector: {} tolerations: [] diff --git a/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-jaeger.yaml b/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-jaeger.yaml index 916c25c..da54eeb 100755 --- a/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-jaeger.yaml +++ b/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-jaeger.yaml @@ -40,7 +40,7 @@ spec: {{- end }} containers: - name: jaeger - image: "{{ .Values.jaeger.hub }}/{{ .Values.jaeger.image }}:{{ .Values.jaeger.tag }}" + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} ports: - containerPort: 9411 diff --git a/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-zipkin.yaml b/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-zipkin.yaml index da779bf..eef24fc 100755 --- a/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-zipkin.yaml +++ b/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-zipkin.yaml @@ -39,7 +39,7 @@ spec: {{- end }} containers: - name: zipkin - image: "{{ .Values.zipkin.hub }}/{{ .Values.zipkin.image }}:{{ .Values.zipkin.tag }}" + image: "{{ template "system_default_registry" . }}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} ports: - containerPort: {{ .Values.zipkin.queryPort }} diff --git a/charts/rancher-istio/1.4.300/charts/tracing/templates/tests/test-tracing-connection.yaml b/charts/rancher-istio/1.4.300/charts/tracing/templates/tests/test-tracing-connection.yaml index b87f487..64248e8 100755 --- a/charts/rancher-istio/1.4.300/charts/tracing/templates/tests/test-tracing-connection.yaml +++ b/charts/rancher-istio/1.4.300/charts/tracing/templates/tests/test-tracing-connection.yaml @@ -18,7 +18,7 @@ spec: {{- end }} containers: - name: "{{ .Values.provider }}-test" - image: pstauffer/curl:v1.0.3 + image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}" imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" command: ['curl'] {{- if eq .Values.provider "jaeger" }} diff --git a/charts/rancher-istio/1.4.300/charts/tracing/values.yaml b/charts/rancher-istio/1.4.300/charts/tracing/values.yaml index 16017c1..cc55ea4 100755 --- a/charts/rancher-istio/1.4.300/charts/tracing/values.yaml +++ b/charts/rancher-istio/1.4.300/charts/tracing/values.yaml @@ -29,9 +29,6 @@ podAntiAffinityLabelSelector: [] podAntiAffinityTermLabelSelector: [] jaeger: - hub: docker.io/jaegertracing - image: all-in-one - tag: 1.14 podAnnotations: {} memory: max_traces: 50000 @@ -43,9 +40,6 @@ jaeger: zipkin: - hub: docker.io/openzipkin - image: zipkin - tag: 2.14.2 podAnnotations: {} probeStartupDelay: 200 queryPort: 9411 diff --git a/charts/rancher-istio/1.4.300/example-values/values-istio-example-sds-vault.yaml b/charts/rancher-istio/1.4.300/example-values/values-istio-example-sds-vault.yaml index a8aa337..3e3ac02 100755 --- a/charts/rancher-istio/1.4.300/example-values/values-istio-example-sds-vault.yaml +++ b/charts/rancher-istio/1.4.300/example-values/values-istio-example-sds-vault.yaml @@ -12,7 +12,8 @@ global: nodeagent: enabled: true - image: node-agent-k8s + repository: rancher/istio-node-agent-k8s + tag: 1.4.3 env: # The IP address and the port number of a publicly accessible example Vault server. CA_ADDR: "https://34.83.129.211:8200" diff --git a/charts/rancher-istio/1.4.300/example-values/values-istio-googleca.yaml b/charts/rancher-istio/1.4.300/example-values/values-istio-googleca.yaml index 0e6d153..e9743b1 100755 --- a/charts/rancher-istio/1.4.300/example-values/values-istio-googleca.yaml +++ b/charts/rancher-istio/1.4.300/example-values/values-istio-googleca.yaml @@ -20,7 +20,8 @@ global: nodeagent: enabled: true - image: node-agent-k8s + repository: rancher/istio-node-agent-k8s + tag: 1.4.3 env: CA_PROVIDER: "GoogleCA" CA_ADDR: "meshca.googleapis.com:443" diff --git a/charts/rancher-istio/1.4.300/files/injection-template.yaml b/charts/rancher-istio/1.4.300/files/injection-template.yaml index b8da323..e384448 100755 --- a/charts/rancher-istio/1.4.300/files/injection-template.yaml +++ b/charts/rancher-istio/1.4.300/files/injection-template.yaml @@ -4,11 +4,11 @@ initContainers: {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} {{- if not .Values.istio_cni.enabled }} - name: istio-init -{{- if contains "/" .Values.global.proxy_init.image }} - image: "{{ .Values.global.proxy_init.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" -{{- end }} + {{- if .Values.global.systemDefaultRegistry }} + image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" + {{- else }} + image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}" + {{- end }} command: - istio-iptables - "-p" @@ -65,7 +65,11 @@ initContainers: - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited command: - /bin/sh - image: {{ $.Values.global.proxy.enableCoreDumpImage }} + {{- if .Values.global.systemDefaultRegistry }} + image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}" + {{- else }} + image: "{{ .Values.global.proxy.enableCoreDumpImage }}" + {{- end }} imagePullPolicy: IfNotPresent resources: {} securityContext: @@ -84,10 +88,10 @@ initContainers: {{- end }} containers: - name: istio-proxy -{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" +{{- if .Values.global.systemDefaultRegistry }} + image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}" {{- else }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.repository}}:{{ .Values.global.proxy.tag }}" {{- end }} ports: - containerPort: 15090 diff --git a/charts/rancher-istio/1.4.300/questions.yaml b/charts/rancher-istio/1.4.300/questions.yaml index 756de1b..dc30cde 100644 --- a/charts/rancher-istio/1.4.300/questions.yaml +++ b/charts/rancher-istio/1.4.300/questions.yaml @@ -1,3 +1,3 @@ labels: - rancher.istio.v1.4.3: 1.4.3 + rancher.istio.v1.4.300: 1.4.3 rancher_min_version: 2.3.4-rc1 diff --git a/charts/rancher-istio/1.4.300/templates/_helpers.tpl b/charts/rancher-istio/1.4.300/templates/_helpers.tpl index b1f54a4..cf10568 100755 --- a/charts/rancher-istio/1.4.300/templates/_helpers.tpl +++ b/charts/rancher-istio/1.4.300/templates/_helpers.tpl @@ -37,3 +37,12 @@ Create a fully qualified configmap name. {{- define "istio.configmap.fullname" -}} {{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}} {{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-istio/1.4.300/test-values/values-istio-auth-sds.yaml b/charts/rancher-istio/1.4.300/test-values/values-istio-auth-sds.yaml index 8438697..c4562c7 100755 --- a/charts/rancher-istio/1.4.300/test-values/values-istio-auth-sds.yaml +++ b/charts/rancher-istio/1.4.300/test-values/values-istio-auth-sds.yaml @@ -17,7 +17,8 @@ global: nodeagent: enabled: true - image: node-agent-k8s + repository: rancher/istio-node-agent-k8s + tag: 1.4.3 env: CA_PROVIDER: "Citadel" CA_ADDR: "istio-citadel:8060" diff --git a/charts/rancher-istio/1.4.300/values-istio-sds-auth-control-plane-auth-disabled.yaml b/charts/rancher-istio/1.4.300/values-istio-sds-auth-control-plane-auth-disabled.yaml index 6144aff..512c51a 100755 --- a/charts/rancher-istio/1.4.300/values-istio-sds-auth-control-plane-auth-disabled.yaml +++ b/charts/rancher-istio/1.4.300/values-istio-sds-auth-control-plane-auth-disabled.yaml @@ -14,7 +14,8 @@ global: nodeagent: enabled: true - image: node-agent-k8s + repository: rancher/istio-node-agent-k8s + tag: 1.4.3 env: CA_PROVIDER: "Citadel" CA_ADDR: "istio-citadel:8060" diff --git a/charts/rancher-istio/1.4.300/values-istio-sds-auth.yaml b/charts/rancher-istio/1.4.300/values-istio-sds-auth.yaml index 83085df..b9e2eaf 100755 --- a/charts/rancher-istio/1.4.300/values-istio-sds-auth.yaml +++ b/charts/rancher-istio/1.4.300/values-istio-sds-auth.yaml @@ -14,7 +14,8 @@ global: nodeagent: enabled: true - image: node-agent-k8s + repository: rancher/istio-node-agent-k8s + tag: 1.4.3 env: CA_PROVIDER: "Citadel" CA_ADDR: "istio-citadel:8060" diff --git a/charts/rancher-istio/1.4.300/values.yaml b/charts/rancher-istio/1.4.300/values.yaml index 3509264..2c9d805 100755 --- a/charts/rancher-istio/1.4.300/values.yaml +++ b/charts/rancher-istio/1.4.300/values.yaml @@ -22,7 +22,8 @@ gateways: # charts/sidecarInjectorWebhook/values.yaml for detailed configuration # sidecarInjectorWebhook: - image: istio-sidecar_injector + repository: rancher/istio-sidecar_injector + tag: 1.4.3 enabled: true # @@ -30,7 +31,8 @@ sidecarInjectorWebhook: # for detailed configuration # galley: - image: istio-galley + repository: rancher/istio-galley + tag: 1.4.3 enabled: true # @@ -38,7 +40,8 @@ galley: # # @see charts/mixer/values.yaml for all values mixer: - image: istio-mixer + repository: rancher/istio-mixer + tag: 1.4.3 policy: # if policy is enabled the global.disablePolicyChecks has affect. enabled: true @@ -50,35 +53,38 @@ mixer: # # @see charts/pilot/values.yaml pilot: - image: istio-pilot + repository: rancher/istio-pilot + tag: 1.4.3 enabled: true # # security configuration # security: - image: istio-citadel + repository: rancher/istio-citadel + tag: 1.4.3 enabled: true # # nodeagent configuration # nodeagent: - image: istio-node-agent-k8s enabled: false # # addon grafana configuration # grafana: - image: grafana-grafana + repository: rancher/grafana-grafana + tag: 6.3.6 enabled: false # # addon prometheus configuration # prometheus: - image: prom-prometheus + repository: rancher/prom-prometheus + tag: v2.12.0 enabled: false # @@ -86,19 +92,19 @@ prometheus: # tracing: jaeger: - hub: docker.io/rancher - image: jaegertracing-all-in-one + repository: rancher/jaegertracing-all-in-one + tag: 1.14 zipkin: - hub: docker.io/rancher - image: openzipkin-zipkin + repository: rancher/openzipkin-zipkin + tag: 2.14.2 enabled: false # # addon kiali tracing configuration # kiali: - hub: docker.io/rancher - image: kiali-kiali + repository: rancher/kiali-kiali + tag: v1.9 contextPath: / dashboard: jaegerURL: http://tracing.istio-system:80 @@ -113,6 +119,9 @@ kiali: # certmanager: enabled: false + image: + repository: rancher/jetstack-cert-manager-controller + tag: v0.8.1 # # Istio CNI plugin enabled @@ -126,12 +135,24 @@ istio_cni: # addon Istio CoreDNS configuration # istiocoredns: - coreDNSImage: coredns-coredns - coreDNSPluginImage: istio-coredns-plugin + image: + repository: rancher/coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/istio-coredns-plugin + tag: 0.2-istio-1.1 enabled: false # Common settings used among istio subcharts. global: + + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + rancher: + clusterId: + + systemDefaultRegistry: "" + # Default hub for Istio images. # Releases are published to docker hub under 'istio' project. # Dev builds from prow are on gcr.io @@ -146,6 +167,10 @@ global: logging: level: "default:info" + kubectl: + repository: rancher/istio-kubectl + tag: 1.4.3 + # monitoring port used by mixer, pilot, galley and sidecar injector monitoringPort: 15014 @@ -162,6 +187,10 @@ global: # will result in LDS rejection and the ingress will not work. enableHttps: false + curl: + repository: rancher/pstauffer-curl + tag: v1.0.3 + proxy: # Configuration for the proxy init container init: @@ -173,7 +202,8 @@ global: cpu: 10m memory: 10Mi # use fully qualified image names for alternate path to proxy. - image: istio-proxyv2 + repository: rancher/istio-proxyv2 + tag: 1.4.3 # cluster domain. Default value is "cluster.local". clusterDomain: "cluster.local" @@ -331,7 +361,8 @@ global: proxy_init: # Base name for the istio-init container, used to configure iptables. - image: istio-proxyv2 + repository: rancher/istio-proxyv2 + tag: 1.4.3 # imagePullPolicy is applied to istio control plane components. # local tests require IfNotPresent, to avoid uploading to dockerhub. @@ -557,6 +588,9 @@ global: # defaultConfigVisibilitySettings: #- '*' + nodeagent: + repository: rancher/istio-node-agent-k8s + tag: 1.4.3 sds: # SDS enabled. IF set to true, mTLS certificates for the sidecars will be # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. -- GitLab