diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/Chart.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/Chart.yaml
deleted file mode 100644
index 3affb34b5..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-annotations:
- catalog.cattle.io/certified: rancher
- catalog.cattle.io/display-name: Istio
- catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.23.0-0'
- catalog.cattle.io/namespace: istio-system
- catalog.cattle.io/os: linux
- catalog.cattle.io/permits-os: linux,windows
- catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0'
- catalog.cattle.io/release-name: rancher-istio
- catalog.cattle.io/requests-cpu: 710m
- catalog.cattle.io/requests-memory: 2314Mi
- catalog.cattle.io/type: cluster-tool
- catalog.cattle.io/ui-component: istio
- catalog.cattle.io/upstream-version: 1.11.8
-apiVersion: v1
-appVersion: 1.11.8
-description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/
- for details.
-icon: https://charts.rancher.io/assets/logos/istio.svg
-keywords:
-- networking
-- infrastructure
-name: rancher-istio
-version: 1.11.8
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/README.md b/packages/rancher-istio/1.11/rancher-istio/charts/README.md
deleted file mode 100644
index 2230c6185..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/README.md
+++ /dev/null
@@ -1,79 +0,0 @@
-# Rancher-Istio Chart
-
-Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization.
-
-See the app-readme for known issues and deprecations.
-
-## Installation Requirements
-
-#### Chart Dependencies
-- rancher-monitoring chart or other Prometheus installation
-
-#### Install
-To install the rancher-istio chart with helm, use the following command:
-```
-helm install rancher-istio --create-namespace -n istio-system
-```
-
-#### Uninstall
-To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see chart dependencies for list of dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal.
-
-**If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:**
-`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"`
-
-## Addons
-The addons that are included with rancher-istio are:
-
-- Kiali
-- Jaeger
-
-Each addon has additional customization and dependencies required for them to work as expected. Use the values.yaml to customize or to enable/disable each addon.
-### Kiali Addon
-
-Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard.
-
-#### Kiali Dependencies
-##### rancher-monitoring chart or other Prometheus installation
-
-This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation.
-
-#### Prometheus Configuration for Kiali
-> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding.
-
-The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces.
-
-To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources.
-
-1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape.
-1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces.
-
-#### Kiali External Services
-
-The external services that can be configured in Kiali are: Prometheus, Grafana and Tracing.
-
-##### Prometheus
-The `kiali.external_services.prometheus` url is set in the values.yaml:
-```
-http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }}
-```
-The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance.
-
-##### Grafana
-The `kiali.external_services.grafana` url is set in the values.yaml:
-```
-http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }}
-```
-The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance.
-
-##### Tracing
-The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml:
-```
-http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }}
-```
-The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance.
-
-## Jaeger Addon
-
-Jaeger allows you to trace and monitor distributed microservices.
-
-> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs.
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/app-readme.md b/packages/rancher-istio/1.11/rancher-istio/charts/app-readme.md
deleted file mode 100644
index d5ebeedec..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/app-readme.md
+++ /dev/null
@@ -1,43 +0,0 @@
-# Rancher Istio
-
-Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes:
-* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh
-* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed system. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead.
-
-For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/).
-## Warnings
-- Upgrading across more than two minor versions (e.g., 1.6.x to 1.9.x) in one step is not officially tested or recommended. See [Istio upgrade docs](https://istio.io/latest/docs/setup/upgrade/) for more details.
-
-## Known Issues
-
-#### Airgapped Environments
-**A temporary fix has been added to this chart to allow upgrades to succeed in an airgapped environment. See [this issue](https://github.com/rancher/rancher/issues/30842) for details.** We are still advocating for an upstream fix in Istio to formally resolve this issue. The root cause is the Istio Operator upgrade command reaches out to an external repo on upgrades and the external repo is not configurable. We are tracking the fix for this issue [here](https://github.com/rancher/rancher/issues/33402)
-
-#### Installing Istio with CNI component enabled on RHEL 8.4 SElinux enabled cluster.
-To install istio with CNI enabled, e.g. when cluster has a default PSP set to "restricted", on a cluster using nodes with RHEL 8.4 SElinux enabled, run the following command on each cluster node before creating a cluster.
-`mkdir -p /var/run/istio-cni && semanage fcontext -a -t container_file_t /var/run/istio-cni && restorecon -v /var/run/istio-cni`
-See [this issue](https://github.com/rancher/rancher/issues/33291) for details.
-
-## Deprecations
-
-#### v1alpha1 security policies
-As of 1.6, Istio removed support for `v1alpha1` security policies resource and replaced the API with `v1beta1` authorization policies. https://istio.io/latest/docs/reference/config/security/authorization-policy/
-
-If you are currently running rancher-istio <= 1.7.x, you need to migrate any existing `v1alpha1` security policies to `v1beta1` authorization policies prior to upgrading to the next minor version.
-
-> **Note:** If you attempt to upgrade prior to migrating your policy resources, you might see errors similar to:
-```
-Error: found 6 CRD of unsupported v1alpha1 security policy
-```
-```
- Error: found 1 unsupported v1alpha1 security policy
- ```
- ```
- Control Plane - policy pod - istio-policy - version: x.x.x does not match the target version x.x.x
- ```
- Continue with the migration steps below before retrying the upgrade process.
-
-#### Migrating Resources:
-Migration steps can be found in this [istio blog post](https://istio.io/latest/blog/2021/migrate-alpha-policy/ "istio blog post").
-
-You can also use these [quick steps](https://github.com/rancher/rancher/issues/34699#issuecomment-921995917 "quick steps") to determine if you need to follow the more extensive migration steps.
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/configs/istio-base.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/configs/istio-base.yaml
deleted file mode 100644
index 4f676b778..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/configs/istio-base.yaml
+++ /dev/null
@@ -1,126 +0,0 @@
-apiVersion: install.istio.io/v1alpha1
-kind: IstioOperator
-spec:
- components:
- base:
- enabled: {{ .Values.base.enabled }}
- cni:
- enabled: {{ .Values.cni.enabled }}
- k8s:
- nodeSelector: {{ include "linux-node-selector" . | nindent 12 }}
-{{- if .Values.nodeSelector }}
-{{- toYaml .Values.nodeSelector | nindent 12 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 12 }}
-{{- if .Values.tolerations }}
-{{- toYaml .Values.tolerations | nindent 12 }}
-{{- end }}
- egressGateways:
- - enabled: {{ .Values.egressGateways.enabled }}
- name: istio-egressgateway
- k8s:
- nodeSelector: {{ include "linux-node-selector" . | nindent 12 }}
-{{- if .Values.nodeSelector }}
-{{- toYaml .Values.nodeSelector | nindent 12 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 12 }}
-{{- if .Values.tolerations }}
-{{- toYaml .Values.tolerations | nindent 12 }}
-{{- end }}
- ingressGateways:
- - enabled: {{ .Values.ingressGateways.enabled }}
- name: istio-ingressgateway
- k8s:
- nodeSelector: {{ include "linux-node-selector" . | nindent 12 }}
-{{- if .Values.nodeSelector }}
-{{- toYaml .Values.nodeSelector | nindent 12 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 12 }}
-{{- if .Values.tolerations }}
-{{- toYaml .Values.tolerations | nindent 12 }}
-{{- end }}
- service:
- ports:
- - name: status-port
- port: 15021
- targetPort: 15021
- - name: http2
- port: 80
- targetPort: 8080
- nodePort: 31380
- - name: https
- port: 443
- targetPort: 8443
- nodePort: 31390
- - name: tcp
- port: 31400
- targetPort: 31400
- nodePort: 31400
- - name: tls
- port: 15443
- targetPort: 15443
- istiodRemote:
- enabled: {{ .Values.istiodRemote.enabled }}
- k8s:
- nodeSelector: {{ include "linux-node-selector" . | nindent 12 }}
-{{- if .Values.nodeSelector }}
-{{- toYaml .Values.nodeSelector | nindent 12 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 12 }}
-{{- if .Values.tolerations }}
-{{- toYaml .Values.tolerations | nindent 12 }}
-{{- end }}
- pilot:
- enabled: {{ .Values.pilot.enabled }}
- k8s:
- nodeSelector: {{ include "linux-node-selector" . | nindent 12 }}
-{{- if .Values.nodeSelector }}
-{{- toYaml .Values.nodeSelector | nindent 12 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 12 }}
-{{- if .Values.tolerations }}
-{{- toYaml .Values.tolerations | nindent 12 }}
-{{- end }}
- hub: {{ .Values.systemDefaultRegistry | default "docker.io" }}
- profile: default
- tag: {{ .Values.tag }}
- revision: {{ .Values.revision }}
- meshConfig:
- defaultConfig:
- proxyMetadata:
- {{- if .Values.dns.enabled }}
- ISTIO_META_DNS_CAPTURE: "true"
- {{- end }}
- values:
- gateways:
- istio-egressgateway:
- name: istio-egressgateway
- type: {{ .Values.egressGateways.type }}
- istio-ingressgateway:
- name: istio-ingressgateway
- type: {{ .Values.ingressGateways.type }}
- global:
- istioNamespace: {{ template "istio.namespace" . }}
- proxy:
- image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}
- proxy_init:
- image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}
- {{- if .Values.global.defaultPodDisruptionBudget.enabled }}
- defaultPodDisruptionBudget:
- enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }}
- {{- end }}
- {{- if .Values.pilot.enabled }}
- pilot:
- image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }}
- {{- end }}
- telemetry:
- enabled: {{ .Values.telemetry.enabled }}
- v2:
- enabled: {{ .Values.telemetry.v2.enabled }}
- {{- if .Values.cni.enabled }}
- cni:
- image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }}
- excludeNamespaces:
- {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }}
- logLevel: {{ .Values.cni.logLevel }}
- {{- end }}
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/requirements.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/requirements.yaml
deleted file mode 100644
index 943a08326..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/requirements.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-dependencies:
-- condition: kiali.enabled
- name: kiali
- repository: file://./charts/kiali
-- condition: tracing.enabled
- name: tracing
- repository: file://./charts/tracing
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/samples/overlay-example.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/samples/overlay-example.yaml
deleted file mode 100644
index 5cf3cf3b0..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/samples/overlay-example.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: install.istio.io/v1alpha1
-kind: IstioOperator
-spec:
- components:
- ingressGateways:
- - enabled: true
- name: ilb-gateway
- namespace: user-ingressgateway-ns
- k8s:
- resources:
- requests:
- cpu: 200m
- service:
- ports:
- - name: tcp-citadel-grpc-tls
- port: 8060
- targetPort: 8060
- - name: tcp-dns
- port: 5353
- serviceAnnotations:
- cloud.google.com/load-balancer-type: internal
- - enabled: true
- name: other-gateway
- namespace: cattle-istio-system
- k8s:
- resources:
- requests:
- cpu: 200m
- service:
- ports:
- - name: tcp-citadel-grpc-tls
- port: 8060
- targetPort: 8060
- - name: tcp-dns
- port: 5353
- serviceAnnotations:
- cloud.google.com/load-balancer-type: internal
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/_helpers.tpl b/packages/rancher-istio/1.11/rancher-istio/charts/templates/_helpers.tpl
deleted file mode 100644
index 30b429a80
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/_helpers.tpl
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/* Ensure namespace is set the same everywhere */}}
-{{- define "istio.namespace" -}}
- {{- .Release.Namespace | default "istio-system" -}}
-{{- end -}}
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.cattle.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
- value: "linux"
- effect: "NoSchedule"
- operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-kubernetes.io/os: linux
-{{- end -}}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/admin-role.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/admin-role.yaml
deleted file mode 100644
index ad1313c4f..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/admin-role.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- rbac.authorization.k8s.io/aggregate-to-admin: "true"
- name: istio-admin
- namespace: {{ template "istio.namespace" . }}
-rules:
- - apiGroups:
- - config.istio.io
- resources:
- - adapters
- - attributemanifests
- - handlers
- - httpapispecbindings
- - httpapispecs
- - instances
- - quotaspecbindings
- - quotaspecs
- - rules
- - templates
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - networking.istio.io
- resources:
- - destinationrules
- - envoyfilters
- - gateways
- - serviceentries
- - sidecars
- - virtualservices
- - workloadentries
- verbs:
- - '*'
- - apiGroups:
- - security.istio.io
- resources:
- - authorizationpolicies
- - peerauthentications
- - requestauthentications
- verbs:
- - '*'
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/base-config-map.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/base-config-map.yaml
deleted file mode 100644
index 5323917bc..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/base-config-map.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-installer-base
- namespace: {{ template "istio.namespace" . }}
-data:
-{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/clusterrole.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/clusterrole.yaml
deleted file mode 100644
index d8c6b40a4..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/clusterrole.yaml
+++ /dev/null
@@ -1,132 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-installer
-rules:
-# istio groups
-- apiGroups:
- - extensions.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - authentication.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - config.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - install.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - networking.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - rbac.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - security.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - telemetry.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-# k8s groups
-- apiGroups:
- - admissionregistration.k8s.io
- resources:
- - mutatingwebhookconfigurations
- - validatingwebhookconfigurations
- verbs:
- - '*'
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions.apiextensions.k8s.io
- - customresourcedefinitions
- verbs:
- - '*'
-- apiGroups:
- - apps
- - extensions
- resources:
- - daemonsets
- - deployments
- - deployments/finalizers
- - ingresses
- - replicasets
- - statefulsets
- verbs:
- - '*'
-- apiGroups:
- - autoscaling
- resources:
- - horizontalpodautoscalers
- verbs:
- - '*'
-- apiGroups:
- - monitoring.coreos.com
- resources:
- - servicemonitors
- verbs:
- - get
- - create
-- apiGroups:
- - policy
- resources:
- - poddisruptionbudgets
- verbs:
- - '*'
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - clusterrolebindings
- - clusterroles
- - roles
- - rolebindings
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - configmaps
- - endpoints
- - events
- - namespaces
- - pods
- - pods/exec
- - persistentvolumeclaims
- - secrets
- - services
- - serviceaccounts
- verbs:
- - '*'
-- apiGroups:
- - policy
- resourceNames:
- - istio-installer
- resources:
- - podsecuritypolicies
- verbs:
- - use
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/clusterrolebinding.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/clusterrolebinding.yaml
deleted file mode 100644
index 9d74a0434..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-installer
-subjects:
-- kind: ServiceAccount
- name: istio-installer
- namespace: {{ template "istio.namespace" . }}
-roleRef:
- kind: ClusterRole
- name: istio-installer
- apiGroup: rbac.authorization.k8s.io
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/edit-role.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/edit-role.yaml
deleted file mode 100644
index d1059d58d..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/edit-role.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- rbac.authorization.k8s.io/aggregate-to-edit: "true"
- namespace: {{ template "istio.namespace" . }}
- name: istio-edit
-rules:
- - apiGroups:
- - config.istio.io
- resources:
- - adapters
- - attributemanifests
- - handlers
- - httpapispecbindings
- - httpapispecs
- - instances
- - quotaspecbindings
- - quotaspecs
- - rules
- - templates
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - networking.istio.io
- resources:
- - destinationrules
- - envoyfilters
- - gateways
- - serviceentries
- - sidecars
- - virtualservices
- - workloadentries
- verbs:
- - '*'
- - apiGroups:
- - security.istio.io
- resources:
- - authorizationpolicies
- - peerauthentications
- - requestauthentications
- verbs:
- - '*'
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-cni-psp.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-cni-psp.yaml
deleted file mode 100644
index 5b94c8503..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-cni-psp.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: psp-istio-cni
- namespace: {{ template "istio.namespace" . }}
-spec:
- allowPrivilegeEscalation: true
- fsGroup:
- rule: RunAsAny
- hostNetwork: true
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - secret
- - configMap
- - emptyDir
- - hostPath
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: psp-istio-cni
- namespace: {{ template "istio.namespace" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: psp-istio-cni
-subjects:
- - kind: ServiceAccount
- name: istio-cni
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: psp-istio-cni
- namespace: {{ template "istio.namespace" . }}
-rules:
-- apiGroups:
- - policy
- resourceNames:
- - psp-istio-cni
- resources:
- - podsecuritypolicies
- verbs:
- - use
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-install-job.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-install-job.yaml
deleted file mode 100644
index c2e362e68..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-install-job.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istioctl-installer
- namespace: {{ template "istio.namespace" . }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-spec:
- backoffLimit: 1
- template:
- spec:
- {{- if .Values.installer.releaseMirror.enabled }}
- hostAliases:
- - ip: "127.0.0.1"
- hostnames:
- - "github.com"
- {{- end }}
- containers:
- - name: istioctl-installer
- image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
- env:
- - name: RELEASE_NAME
- value: {{ .Release.Name }}
- - name: ISTIO_NAMESPACE
- value: {{ template "istio.namespace" . }}
- - name: FORCE_INSTALL
- value: {{ .Values.forceInstall | default "false" | quote }}
- - name: RELEASE_MIRROR_ENABLED
- value: {{ .Values.installer.releaseMirror.enabled | quote }}
- - name: SECONDS_SLEEP
- value: {{ .Values.installer.debug.secondsSleep | quote}}
- command: ["/bin/sh","-c"]
- args: ["/usr/local/app/scripts/run.sh"]
- volumeMounts:
- - name: config-volume
- mountPath: /app/istio-base.yaml
- subPath: istio-base.yaml
- {{- if .Values.overlayFile }}
- - name: overlay-volume
- mountPath: /app/overlay-config.yaml
- subPath: overlay-config.yaml
- {{- end }}
- volumes:
- - name: config-volume
- configMap:
- name: istio-installer-base
- {{- if .Values.overlayFile }}
- - name: overlay-volume
- configMap:
- name: istio-installer-overlay
- {{- end }}
- serviceAccountName: istio-installer
- nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
- securityContext:
- runAsUser: 499
- runAsGroup: 487
- restartPolicy: Never
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-install-psp.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-install-psp.yaml
deleted file mode 100644
index f0b5ee565..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-install-psp.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: istio-installer
- namespace: {{ template "istio.namespace" . }}
-spec:
- privileged: false
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- rule: 'MustRunAsNonRoot'
- seLinux:
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- - min: 1
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
- volumes:
- - 'configMap'
- - 'secret'
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-psp.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-psp.yaml
deleted file mode 100644
index b3758b74f..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-psp.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: istio-psp
- namespace: {{ template "istio.namespace" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: istio-psp
-subjects:
- - kind: ServiceAccount
- name: istio-egressgateway-service-account
- - kind: ServiceAccount
- name: istio-ingressgateway-service-account
- - kind: ServiceAccount
- name: istio-mixer-service-account
- - kind: ServiceAccount
- name: istio-operator-authproxy
- - kind: ServiceAccount
- name: istiod-service-account
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- - kind: ServiceAccount
- name: istiocoredns-service-account
- - kind: ServiceAccount
- name: default
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: istio-psp
- namespace: {{ template "istio.namespace" . }}
-rules:
-- apiGroups:
- - policy
- resourceNames:
- - istio-psp
- resources:
- - podsecuritypolicies
- verbs:
- - use
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: istio-psp
- namespace: {{ template "istio.namespace" . }}
-spec:
- allowPrivilegeEscalation: false
- forbiddenSysctls:
- - '*'
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: MustRunAsNonRoot
- runAsGroup:
- rule: MustRunAs
- ranges:
- - min: 1
- max: 65535
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- - persistentVolumeClaim
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-uninstall-job.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-uninstall-job.yaml
deleted file mode 100644
index 0091d0c17..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/istio-uninstall-job.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istioctl-uninstaller
- namespace: {{ template "istio.namespace" . }}
- annotations:
- "helm.sh/hook": pre-delete
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded
-spec:
- template:
- spec:
- containers:
- - name: istioctl-uninstaller
- image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
- env:
- - name: RELEASE_NAME
- value: {{ .Release.Name }}
- - name: ISTIO_NAMESPACE
- value: {{ template "istio.namespace" . }}
- command: ["/bin/sh","-c"]
- args: ["/usr/local/app/scripts/uninstall_istio_system.sh"]
- volumeMounts:
- - name: config-volume
- mountPath: /app/istio-base.yaml
- subPath: istio-base.yaml
- {{- if .Values.overlayFile }}
- - name: overlay-volume
- mountPath: /app/overlay-config.yaml
- subPath: overlay-config.yaml
- {{ end }}
- volumes:
- - name: config-volume
- configMap:
- name: istio-installer-base
- {{- if .Values.overlayFile }}
- - name: overlay-volume
- configMap:
- name: istio-installer-overlay
- {{ end }}
- serviceAccountName: istio-installer
- nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
- securityContext:
- runAsUser: 101
- runAsGroup: 101
- restartPolicy: OnFailure
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/overlay-config-map.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/overlay-config-map.yaml
deleted file mode 100644
index 287d26b2c..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/overlay-config-map.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if .Values.overlayFile }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-installer-overlay
- namespace: {{ template "istio.namespace" . }}
-data:
- overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }}
-{{- end }}
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/service-monitors.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/service-monitors.yaml
deleted file mode 100644
index c3d60c4fc..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/service-monitors.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{- if .Values.kiali.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: envoy-stats-monitor
- namespace: {{ template "istio.namespace" . }}
- labels:
- monitoring: istio-proxies
-spec:
- selector:
- matchExpressions:
- - {key: istio-prometheus-ignore, operator: DoesNotExist}
- namespaceSelector:
- any: true
- jobLabel: envoy-stats
- endpoints:
- - path: /stats/prometheus
- targetPort: 15090
- interval: 15s
- relabelings:
- - sourceLabels: [__meta_kubernetes_pod_container_port_name]
- action: keep
- regex: '.*-envoy-prom'
- - action: labeldrop
- regex: "__meta_kubernetes_pod_label_(.+)"
- - sourceLabels: [__meta_kubernetes_namespace]
- action: replace
- targetLabel: namespace
- - sourceLabels: [__meta_kubernetes_pod_name]
- action: replace
- targetLabel: pod_name
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: istio-component-monitor
- namespace: {{ template "istio.namespace" . }}
- labels:
- monitoring: istio-components
-spec:
- jobLabel: istio
- targetLabels: [app]
- selector:
- matchExpressions:
- - {key: istio, operator: In, values: [pilot]}
- namespaceSelector:
- any: true
- endpoints:
- - port: http-monitoring
- interval: 15s
-{{- end -}}
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/serviceaccount.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/serviceaccount.yaml
deleted file mode 100644
index 82b6cbb7e..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-installer
- namespace: {{ template "istio.namespace" . }}
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/templates/view-role.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/templates/view-role.yaml
deleted file mode 100644
index 5947d3eba..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/templates/view-role.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- rbac.authorization.k8s.io/aggregate-to-view: "true"
- namespace: {{ template "istio.namespace" . }}
- name: istio-view
-rules:
- - apiGroups:
- - config.istio.io
- resources:
- - adapters
- - attributemanifests
- - handlers
- - httpapispecbindings
- - httpapispecs
- - instances
- - quotaspecbindings
- - quotaspecs
- - rules
- - templates
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - networking.istio.io
- resources:
- - destinationrules
- - envoyfilters
- - gateways
- - serviceentries
- - sidecars
- - virtualservices
- - workloadentries
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - security.istio.io
- resources:
- - authorizationpolicies
- - peerauthentications
- - requestauthentications
- verbs: ["get", "watch", "list"]
diff --git a/packages/rancher-istio/1.11/rancher-istio/charts/values.yaml b/packages/rancher-istio/1.11/rancher-istio/charts/values.yaml
deleted file mode 100644
index 9e4d558a9..000000000
--- a/packages/rancher-istio/1.11/rancher-istio/charts/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@ -overlayFile: "" -tag: 1.11.8 -##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install -forceInstall: false - -installer: - repository: rancher/istio-installer - tag: 1.11.8-rancher2 - ##releaseMirror are configurations for istio upgrades. - ##Setting releaseMirror.enabled: true will cause istio to use bundled in images from rancher/istio-installer to perfom an upgrade - this is ideal - ##for airgap setups. Setting releaseMirror.enabled to false means istio will call externally to github to fetch the required assets. - releaseMirror: - enabled: false - - ##Set the secondsSleep to run a sleep command `sleep s` to allow time to exec into istio-installer pod for debugging - debug: - secondsSleep: 0 - -##Native support for dns added in 1.8 -dns: - enabled: false - -base: - enabled: true - -cni: - enabled: false - repository: rancher/mirrored-istio-install-cni - tag: 1.11.8 - logLevel: info - excludeNamespaces: - - istio-system - - kube-system - -egressGateways: - enabled: false - type: NodePort - -ingressGateways: - enabled: true - type: NodePort - -istiodRemote: - enabled: false - -pilot: - enabled: true - repository: rancher/mirrored-istio-pilot - tag: 1.11.8 - -telemetry: - enabled: true - v2: - enabled: true - -global: - cattle: - systemDefaultRegistry: "" - proxy: - repository: rancher/mirrored-istio-proxyv2 - tag: 1.11.8 - proxy_init: - repository: rancher/mirrored-istio-proxyv2 - tag: 1.11.8 - defaultPodDisruptionBudget: - enabled: true - rbac: - pspEnabled: true - -# Kiali subchart from rancher-kiali-server -kiali: - enabled: true - auth: - strategy: anonymous - deployment: - ingress_enabled: false - external_services: - prometheus: - custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" - url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" - tracing: - in_cluster_url: 
"http://tracing.istio-system.svc:16686/jaeger" - use_grpc: false - grafana: - in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" - url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" - -tracing: - enabled: false - contextPath: "/jaeger" - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] diff --git a/packages/rancher-istio/1.11/rancher-istio/generated-changes/dependencies/kiali/dependency.yaml b/packages/rancher-istio/1.11/rancher-istio/generated-changes/dependencies/kiali/dependency.yaml deleted file mode 100644 index 4c25c888f..000000000 --- a/packages/rancher-istio/1.11/rancher-istio/generated-changes/dependencies/kiali/dependency.yaml +++ /dev/null @@ -1,2 +0,0 @@ -workingDir: "" -url: packages/rancher-istio/1.11/rancher-kiali-server diff --git a/packages/rancher-istio/1.11/rancher-istio/generated-changes/dependencies/tracing/dependency.yaml b/packages/rancher-istio/1.11/rancher-istio/generated-changes/dependencies/tracing/dependency.yaml deleted file mode 100644 index 8eeddc814..000000000 --- a/packages/rancher-istio/1.11/rancher-istio/generated-changes/dependencies/tracing/dependency.yaml +++ /dev/null @@ -1,2 +0,0 @@ -workingDir: "" -url: packages/rancher-istio/1.11/rancher-tracing diff --git a/packages/rancher-istio/1.11/rancher-istio/package.yaml b/packages/rancher-istio/1.11/rancher-istio/package.yaml deleted file mode 100644 index 51b0d84a9..000000000 --- a/packages/rancher-istio/1.11/rancher-istio/package.yaml +++ /dev/null @@ -1,2 +0,0 @@ -url: local -version: 100.1.3+up1.11.8 diff --git a/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/overlay/templates/psp.yaml b/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/overlay/templates/psp.yaml deleted file mode 100644 index f891892cc..000000000 
--- a/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/overlay/templates/psp.yaml +++ /dev/null @@ -1,67 +0,0 @@ -{{- if .Values.global.rbac.pspEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "kiali-server.fullname" . }}-psp - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "kiali-server.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: kiali ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "kiali-server.fullname" . }}-psp - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: - - policy - resourceNames: - - {{ include "kiali-server.fullname" . }}-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "kiali-server.fullname" . }}-psp - namespace: {{ .Release.Namespace }} -spec: - allowPrivilegeEscalation: false - forbiddenSysctls: - - '*' - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - requiredDropCapabilities: - - ALL - runAsUser: - rule: MustRunAsNonRoot - runAsGroup: - rule: MustRunAs - ranges: - - min: 1 - max: 65535 - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI - - persistentVolumeClaim -{{- end }} \ No newline at end of file diff --git a/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/overlay/templates/web-root-configmap.yaml b/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/overlay/templates/web-root-configmap.yaml deleted file mode 100644 index 970d4e4f5..000000000 --- a/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/overlay/templates/web-root-configmap.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -{{- if .Values.web_root_override }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: kiali-console - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -data: - env.js: | - window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; -{{- end }} diff --git a/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/patch/Chart.yaml.patch b/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/patch/Chart.yaml.patch deleted file mode 100644 index 11d791cdc..000000000 --- a/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/patch/Chart.yaml.patch +++ /dev/null @@ -1,31 +0,0 @@ ---- charts-original/Chart.yaml -+++ charts/Chart.yaml -@@ -1,17 +1,26 @@ -+annotations: -+ catalog.cattle.io/hidden: "true" -+ catalog.cattle.io/os: linux -+ catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 -+ catalog.rancher.io/namespace: cattle-istio-system -+ catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.41.0 - description: Kiali is an open source project for service mesh observability, refer -- to https://www.kiali.io for details. -+ to https://www.kiali.io for details. This is installed as sub-chart with customized -+ values in Rancher's Istio. - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali -+- networking -+- infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io --name: kiali-server -+name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui 
diff --git a/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/patch/templates/_helpers.tpl.patch b/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/patch/templates/_helpers.tpl.patch deleted file mode 100644 index 01bd1406b..000000000 --- a/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/patch/templates/_helpers.tpl.patch +++ /dev/null @@ -1,46 +0,0 @@ ---- charts-original/templates/_helpers.tpl -+++ charts/templates/_helpers.tpl -@@ -50,8 +50,15 @@ - Selector labels - */}} - {{- define "kiali-server.selectorLabels" -}} -+{{- $releaseName := .Release.Name -}} -+{{- $fullName := include "kiali-server.fullname" . -}} -+{{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace $fullName) -}} - app.kubernetes.io/name: kiali --app.kubernetes.io/instance: {{ include "kiali-server.fullname" . }} -+{{- if (and .Release.IsUpgrade $deployment)}} -+app.kubernetes.io/instance: {{ (get (($deployment).metadata.labels) "app.kubernetes.io/instance") | default $fullName }} -+{{- else }} -+app.kubernetes.io/instance: {{ $fullName }} -+{{- end }} - {{- end }} - - {{/* -@@ -141,3 +148,26 @@ - {{- end }} - {{- end }} - {{- end }} -+ -+{{- define "system_default_registry" -}} -+{{- if .Values.global.cattle.systemDefaultRegistry -}} -+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -+{{- else -}} -+{{- "" -}} -+{{- end -}} -+{{- end -}} -+ -+{{/* -+Windows cluster will add default taint for linux nodes, -+add below linux tolerations to workloads could be scheduled to those linux nodes -+*/}} -+{{- define "linux-node-tolerations" -}} -+- key: "cattle.io/os" -+ value: "linux" -+ effect: "NoSchedule" -+ operator: "Equal" -+{{- end -}} -+ -+{{- define "linux-node-selector" -}} -+kubernetes.io/os: linux -+{{- end -}} 
diff --git a/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/patch/templates/deployment.yaml.patch b/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/patch/templates/deployment.yaml.patch deleted file mode 100644 index b40aaafd0..000000000 --- a/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/patch/templates/deployment.yaml.patch +++ /dev/null 
@@ -1,59 +0,0 @@ ---- charts-original/templates/deployment.yaml -+++ charts/templates/deployment.yaml -@@ -48,7 +48,7 @@ - {{- end }} - {{- end }} - containers: -- - image: "{{ .Values.deployment.image_name }}{{ if .Values.deployment.image_digest }}@{{ .Values.deployment.image_digest }}{{ end }}:{{ .Values.deployment.image_version }}" -+ - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}{{ if .Values.deployment.image_digest }}@{{ .Values.deployment.image_digest }}{{ end }}:{{ .Values.deployment.tag }}" - imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} - name: {{ include "kiali-server.fullname" . }} - command: -@@ -103,6 +103,11 @@ - - name: LOG_SAMPLER_RATE - value: "{{ .Values.deployment.logger.sampler_rate }}" - volumeMounts: -+ {{- if .Values.web_root_override }} -+ - name: kiali-console -+ subPath: env.js -+ mountPath: /opt/kiali/console/env.js -+ {{- end }} - - name: {{ include "kiali-server.fullname" . }}-configuration - mountPath: "/kiali-configuration" - - name: {{ include "kiali-server.fullname" . }}-cert -@@ -116,6 +121,14 @@ - {{- toYaml .Values.deployment.resources | nindent 10 }} - {{- end }} - volumes: -+ {{- if .Values.web_root_override }} -+ - name: kiali-console -+ configMap: -+ name: kiali-console -+ items: -+ - key: env.js -+ path: env.js -+ {{- end }} - - name: {{ include "kiali-server.fullname" . }}-configuration - configMap: - name: {{ include "kiali-server.fullname" . }} -@@ -154,12 +167,12 @@ - {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} - {{- end }} - {{- end }} -- {{- if .Values.deployment.tolerations }} -- tolerations: -- {{- toYaml .Values.deployment.tolerations | nindent 8 }} -- {{- end }} -- {{- if .Values.deployment.node_selector }} -- nodeSelector: -- {{- toYaml .Values.deployment.node_selector | nindent 8 }} -- {{- end }} -+ tolerations: {{ include "linux-node-tolerations" . 
| nindent 8 }} -+{{- if .Values.deployment.tolerations }} -+{{ toYaml .Values.deployment.tolerations | indent 8 }} -+{{- end }} -+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -+{{- if .Values.deployment.node_selector }} -+{{ toYaml .Values.deployment.node_selector | indent 8 }} -+{{- end }} - ... diff --git a/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/patch/values.yaml.patch b/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/patch/values.yaml.patch deleted file mode 100644 index a3000a186..000000000 --- a/packages/rancher-istio/1.11/rancher-kiali-server/generated-changes/patch/values.yaml.patch +++ /dev/null 
@@ -1,39 +0,0 @@ ---- charts-original/values.yaml -+++ charts/values.yaml -@@ -13,6 +13,9 @@ - # do this, a PR would be welcome. - kiali_route_url: "" - -+# rancher specific override that allows proxy access to kiali url -+web_root_override: true -+ - # - # Settings that mimic the Kiali CR which are placed in the ConfigMap. - # Note that only those values used by the Helm Chart will be here. -@@ -39,10 +42,10 @@ - api_version: "autoscaling/v2beta2" - spec: {} - image_digest: "" # use "sha256" if image_version is a sha256 hash (do NOT prefix this value with a "@") -- image_name: quay.io/kiali/kiali -+ repository: rancher/mirrored-kiali-kiali - image_pull_policy: "Always" - image_pull_secrets: [] -- image_version: v1.41.0 # version like "v1.39" (see: https://quay.io/repository/kiali/kiali?tab=tags) or a digest hash -+ tag: v1.41.0 # version like "v1.39" (see: https://quay.io/repository/kiali/kiali?tab=tags) or a digest hash - ingress_enabled: true - instance_name: "kiali" - logger: -@@ -89,3 +92,13 @@ - metrics_enabled: true - metrics_port: 9090 - web_root: "" -+ -+# Common settings used among istio subcharts. -+global: -+ # Specify rancher clusterId of external tracing config -+ # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 -+ cattle: -+ systemDefaultRegistry: "" -+ clusterId: -+ rbac: -+ pspEnabled: false diff --git a/packages/rancher-istio/1.11/rancher-kiali-server/package.yaml b/packages/rancher-istio/1.11/rancher-kiali-server/package.yaml deleted file mode 100644 index cda647ee1..000000000 --- a/packages/rancher-istio/1.11/rancher-kiali-server/package.yaml +++ /dev/null @@ -1,3 +0,0 @@ -url: https://kiali.org/helm-charts/kiali-server-1.41.0.tgz -version: 100.0.0 -doNotRelease: true \ No newline at end of file diff --git a/packages/rancher-istio/1.11/rancher-tracing/charts/.helmignore b/packages/rancher-istio/1.11/rancher-tracing/charts/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 
--- a/packages/rancher-istio/1.11/rancher-tracing/charts/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/packages/rancher-istio/1.11/rancher-tracing/charts/Chart.yaml b/packages/rancher-istio/1.11/rancher-tracing/charts/Chart.yaml deleted file mode 100644 index ccbd256c1..000000000 --- a/packages/rancher-istio/1.11/rancher-tracing/charts/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: istio-system - catalog.rancher.io/release-name: rancher-tracing -apiVersion: v1 -appVersion: 1.31.0 -description: A quick start Jaeger Tracing installation using the all-in-one demo. - This is not production qualified. Refer to https://www.jaegertracing.io/ for details. -name: rancher-tracing -version: 1.31.0 diff --git a/packages/rancher-istio/1.11/rancher-tracing/charts/README.md b/packages/rancher-istio/1.11/rancher-tracing/charts/README.md deleted file mode 100644 index 25534c628..000000000 --- a/packages/rancher-istio/1.11/rancher-tracing/charts/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Jaeger - -A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. - -> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. 
diff --git a/packages/rancher-istio/1.11/rancher-tracing/charts/templates/_affinity.tpl b/packages/rancher-istio/1.11/rancher-tracing/charts/templates/_affinity.tpl deleted file mode 100644 index bf6a9aee5..000000000 --- a/packages/rancher-istio/1.11/rancher-tracing/charts/templates/_affinity.tpl +++ /dev/null 
@@ -1,92 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} -{{- define "nodeAffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/packages/rancher-istio/1.11/rancher-tracing/charts/templates/_helpers.tpl b/packages/rancher-istio/1.11/rancher-tracing/charts/templates/_helpers.tpl deleted file mode 100644 index 09c6b0546..000000000 --- a/packages/rancher-istio/1.11/rancher-tracing/charts/templates/_helpers.tpl +++ /dev/null 
@@ -1,47 +0,0 @@ -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "tracing.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tracing.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} \ No newline at end of file diff --git a/packages/rancher-istio/1.11/rancher-tracing/charts/templates/deployment.yaml b/packages/rancher-istio/1.11/rancher-tracing/charts/templates/deployment.yaml deleted file mode 100644 index 59928735f..000000000 --- a/packages/rancher-istio/1.11/rancher-tracing/charts/templates/deployment.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: {{ .Values.provider }} - template: - metadata: - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: - containers: - - name: jaeger - image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - env: - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HOST_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeAffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.global.rbac.pspEnabled }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: {{ include "tracing.fullname" . }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persistentVolumeClaim.enabled }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} diff --git a/packages/rancher-istio/1.11/rancher-tracing/charts/templates/psp.yaml b/packages/rancher-istio/1.11/rancher-tracing/charts/templates/psp.yaml deleted file mode 100644 index 44b230492..000000000 --- a/packages/rancher-istio/1.11/rancher-tracing/charts/templates/psp.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ -{{- if .Values.global.rbac.pspEnabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "tracing.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "tracing.fullname" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: - - policy - resourceNames: - - {{ include "tracing.fullname" . }} - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - allowPrivilegeEscalation: false - forbiddenSysctls: - - '*' - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - requiredDropCapabilities: - - ALL - runAsUser: - rule: MustRunAsNonRoot - runAsGroup: - rule: MustRunAs - ranges: - - min: 1 - max: 65535 - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - emptyDir - - secret - - persistentVolumeClaim -{{- end }} \ No newline at end of file 
diff --git a/packages/rancher-istio/1.11/rancher-tracing/charts/templates/pvc.yaml b/packages/rancher-istio/1.11/rancher-tracing/charts/templates/pvc.yaml deleted file mode 100644 index 9b4c55e4f..000000000 --- a/packages/rancher-istio/1.11/rancher-tracing/charts/templates/pvc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.jaeger.persistentVolumeClaim.enabled }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-jaeger-pvc - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} -spec: - storageClassName: {{ .Values.jaeger.storageClassName }} - accessModes: - - {{ .Values.jaeger.accessMode }} - resources: - requests: - storage: {{.Values.jaeger.persistentVolumeClaim.storage }} -{{- end }} diff --git a/packages/rancher-istio/1.11/rancher-tracing/charts/templates/service.yaml b/packages/rancher-istio/1.11/rancher-tracing/charts/templates/service.yaml deleted file mode 100644 index 4210a9b5f..000000000 --- a/packages/rancher-istio/1.11/rancher-tracing/charts/templates/service.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: tracing - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: {{ .Values.service.type }} - ports: - - name: {{ .Values.service.name }} - port: {{ .Values.service.externalPort }} - protocol: TCP - targetPort: 16686 - selector: - app: {{ .Values.provider }} ---- -# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. -apiVersion: v1 -kind: Service -metadata: - name: zipkin - namespace: {{ .Release.Namespace }} - labels: - name: zipkin - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - ports: - - name: {{ .Values.service.name }} - port: {{ .Values.zipkin.queryPort }} - targetPort: {{ .Values.zipkin.queryPort }} - selector: - app: {{ .Values.provider }} ---- -apiVersion: v1 -kind: Service -metadata: - name: jaeger-collector - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: ClusterIP - ports: - - name: jaeger-collector-http - port: 14268 - targetPort: 14268 - protocol: TCP - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: {{ .Values.provider }} diff --git a/packages/rancher-istio/1.11/rancher-tracing/charts/values.yaml b/packages/rancher-istio/1.11/rancher-tracing/charts/values.yaml deleted file mode 100644 index 26c367176..000000000 --- a/packages/rancher-istio/1.11/rancher-tracing/charts/values.yaml +++ /dev/null 
@@ -1,50 +0,0 @@
-provider: jaeger
-contextPath: ""
-## Node labels for pod assignment
-## Ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-## List of node taints to tolerate (requires Kubernetes >= 1.6)
-tolerations: []
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-nameOverride: ""
-fullnameOverride: ""
-
-global:
- cattle:
- systemDefaultRegistry: ""
- defaultResources: {}
- imagePullPolicy: IfNotPresent
- imagePullSecrets: []
- arch:
- amd64: 2
- s390x: 2
- ppc64le: 2
- defaultNodeSelector:
- kubernetes.io/os: linux
- rbac:
- pspEnabled: false
-
-jaeger:
- repository: rancher/mirrored-jaegertracing-all-in-one
- tag: 1.31.0
- # spanStorageType value can be "memory" and "badger" for all-in-one image
- spanStorageType: badger
- resources:
- requests:
- cpu: 10m
- persistentVolumeClaim:
- enabled: false
- storage: 5Gi
- storageClassName: ""
- accessMode: ReadWriteMany
- memory:
- max_traces: 50000
-zipkin:
- queryPort: 9411
-service:
- annotations: {}
- name: http-query
- type: ClusterIP
- externalPort: 16686
diff --git a/packages/rancher-istio/1.11/rancher-tracing/package.yaml b/packages/rancher-istio/1.11/rancher-tracing/package.yaml
deleted file mode 100644
index 2ba0a939c..000000000
--- a/packages/rancher-istio/1.11/rancher-tracing/package.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-url: local
-version: 100.0.0
-doNotRelease: true
\ No newline at end of file
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/Chart.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/Chart.yaml
deleted file mode 100644
index d0ab7efb4..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-annotations:
- catalog.cattle.io/certified: rancher
- catalog.cattle.io/display-name: Istio
- catalog.cattle.io/kube-version: '>= 1.19.0-0 < 1.23.0-0'
- catalog.cattle.io/namespace: istio-system
- catalog.cattle.io/os: linux
- catalog.cattle.io/permits-os: linux,windows
- catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0'
- catalog.cattle.io/release-name: rancher-istio
- catalog.cattle.io/requests-cpu: 710m
- catalog.cattle.io/requests-memory: 2314Mi
- catalog.cattle.io/type: cluster-tool
- catalog.cattle.io/ui-component: istio
- catalog.cattle.io/upstream-version: 1.12.6
-apiVersion: v1
-appVersion: 1.12.6
-description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/
- for details.
-icon: https://charts.rancher.io/assets/logos/istio.svg
-keywords:
-- networking
-- infrastructure
-name: rancher-istio
-version: 1.12.6
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/README.md b/packages/rancher-istio/1.12/rancher-istio/charts/README.md
deleted file mode 100644
index 2230c6185..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/README.md
+++ /dev/null
@@ -1,79 +0,0 @@
-# Rancher-Istio Chart
-
-Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization.
-
-See the app-readme for known issues and deprecations.
-
-## Installation Requirements
-
-#### Chart Dependencies
-- rancher-monitoring chart or other Prometheus installation
-
-#### Install
-To install the rancher-istio chart with helm, use the following command:
-```
-helm install rancher-istio --create-namespace -n istio-system
-```
-
-#### Uninstall
-To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see chart dependencies for list of dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal.
-
-**If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:**
-`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"`
-
-## Addons
-The addons that are included with rancher-istio are:
-
-- Kiali
-- Jaeger
-
-Each addon has additional customization and dependencies required for them to work as expected. Use the values.yaml to customize or to enable/disable each addon.
-### Kiali Addon
-
-Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard.
-
-#### Kiali Dependencies
-##### rancher-monitoring chart or other Prometheus installation
-
-This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation.
-
-#### Prometheus Configuration for Kiali
-> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding.
-
-The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces.
-
-To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources.
-
-1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape.
-1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces.
-
-#### Kiali External Services
-
-The external services that can be configured in Kiali are: Prometheus, Grafana and Tracing.
-
-##### Prometheus
-The `kiali.external_services.prometheus` url is set in the values.yaml:
-```
-http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }}
-```
-The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance.
-
-##### Grafana
-The `kiali.external_services.grafana` url is set in the values.yaml:
-```
-http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }}
-```
-The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance.
-
-##### Tracing
-The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml:
-```
-http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }}
-```
-The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance.
-
-## Jaeger Addon
-
-Jaeger allows you to trace and monitor distributed microservices.
-
-> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs.
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/app-readme.md b/packages/rancher-istio/1.12/rancher-istio/charts/app-readme.md
deleted file mode 100644
index d5ebeedec..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/app-readme.md
+++ /dev/null
@@ -1,43 +0,0 @@
-# Rancher Istio
-
-Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes:
-* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh
-* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed system. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead.
-
-For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/).
-## Warnings
-- Upgrading across more than two minor versions (e.g., 1.6.x to 1.9.x) in one step is not officially tested or recommended. See [Istio upgrade docs](https://istio.io/latest/docs/setup/upgrade/) for more details.
-
-## Known Issues
-
-#### Airgapped Environments
-**A temporary fix has been added to this chart to allow upgrades to succeed in an airgapped environment. See [this issue](https://github.com/rancher/rancher/issues/30842) for details.** We are still advocating for an upstream fix in Istio to formally resolve this issue. The root cause is the Istio Operator upgrade command reaches out to an external repo on upgrades and the external repo is not configurable. We are tracking the fix for this issue [here](https://github.com/rancher/rancher/issues/33402)
-
-#### Installing Istio with CNI component enabled on RHEL 8.4 SElinux enabled cluster.
-To install istio with CNI enabled, e.g. when cluster has a default PSP set to "restricted", on a cluster using nodes with RHEL 8.4 SElinux enabled, run the following command on each cluster node before creating a cluster.
-`mkdir -p /var/run/istio-cni && semanage fcontext -a -t container_file_t /var/run/istio-cni && restorecon -v /var/run/istio-cni`
-See [this issue](https://github.com/rancher/rancher/issues/33291) for details.
-
-## Deprecations
-
-#### v1alpha1 security policies
-As of 1.6, Istio removed support for `v1alpha1` security policies resource and replaced the API with `v1beta1` authorization policies. https://istio.io/latest/docs/reference/config/security/authorization-policy/
-
-If you are currently running rancher-istio <= 1.7.x, you need to migrate any existing `v1alpha1` security policies to `v1beta1` authorization policies prior to upgrading to the next minor version.
-
-> **Note:** If you attempt to upgrade prior to migrating your policy resources, you might see errors similar to:
-```
-Error: found 6 CRD of unsupported v1alpha1 security policy
-```
-```
- Error: found 1 unsupported v1alpha1 security policy
- ```
- ```
- Control Plane - policy pod - istio-policy - version: x.x.x does not match the target version x.x.x
- ```
- Continue with the migration steps below before retrying the upgrade process.
-
-#### Migrating Resources:
-Migration steps can be found in this [istio blog post](https://istio.io/latest/blog/2021/migrate-alpha-policy/ "istio blog post").
-
-You can also use these [quick steps](https://github.com/rancher/rancher/issues/34699#issuecomment-921995917 "quick steps") to determine if you need to follow the more extensive migration steps.
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/configs/istio-base.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/configs/istio-base.yaml
deleted file mode 100644
index 4f676b778..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/configs/istio-base.yaml
+++ /dev/null
@@ -1,126 +0,0 @@
-apiVersion: install.istio.io/v1alpha1
-kind: IstioOperator
-spec:
- components:
- base:
- enabled: {{ .Values.base.enabled }}
- cni:
- enabled: {{ .Values.cni.enabled }}
- k8s:
- nodeSelector: {{ include "linux-node-selector" . | nindent 12 }}
-{{- if .Values.nodeSelector }}
-{{- toYaml .Values.nodeSelector | nindent 12 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 12 }}
-{{- if .Values.tolerations }}
-{{- toYaml .Values.tolerations | nindent 12 }}
-{{- end }}
- egressGateways:
- - enabled: {{ .Values.egressGateways.enabled }}
- name: istio-egressgateway
- k8s:
- nodeSelector: {{ include "linux-node-selector" . | nindent 12 }}
-{{- if .Values.nodeSelector }}
-{{- toYaml .Values.nodeSelector | nindent 12 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 12 }}
-{{- if .Values.tolerations }}
-{{- toYaml .Values.tolerations | nindent 12 }}
-{{- end }}
- ingressGateways:
- - enabled: {{ .Values.ingressGateways.enabled }}
- name: istio-ingressgateway
- k8s:
- nodeSelector: {{ include "linux-node-selector" . | nindent 12 }}
-{{- if .Values.nodeSelector }}
-{{- toYaml .Values.nodeSelector | nindent 12 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 12 }}
-{{- if .Values.tolerations }}
-{{- toYaml .Values.tolerations | nindent 12 }}
-{{- end }}
- service:
- ports:
- - name: status-port
- port: 15021
- targetPort: 15021
- - name: http2
- port: 80
- targetPort: 8080
- nodePort: 31380
- - name: https
- port: 443
- targetPort: 8443
- nodePort: 31390
- - name: tcp
- port: 31400
- targetPort: 31400
- nodePort: 31400
- - name: tls
- port: 15443
- targetPort: 15443
- istiodRemote:
- enabled: {{ .Values.istiodRemote.enabled }}
- k8s:
- nodeSelector: {{ include "linux-node-selector" . | nindent 12 }}
-{{- if .Values.nodeSelector }}
-{{- toYaml .Values.nodeSelector | nindent 12 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 12 }}
-{{- if .Values.tolerations }}
-{{- toYaml .Values.tolerations | nindent 12 }}
-{{- end }}
- pilot:
- enabled: {{ .Values.pilot.enabled }}
- k8s:
- nodeSelector: {{ include "linux-node-selector" . | nindent 12 }}
-{{- if .Values.nodeSelector }}
-{{- toYaml .Values.nodeSelector | nindent 12 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 12 }}
-{{- if .Values.tolerations }}
-{{- toYaml .Values.tolerations | nindent 12 }}
-{{- end }}
- hub: {{ .Values.systemDefaultRegistry | default "docker.io" }}
- profile: default
- tag: {{ .Values.tag }}
- revision: {{ .Values.revision }}
- meshConfig:
- defaultConfig:
- proxyMetadata:
- {{- if .Values.dns.enabled }}
- ISTIO_META_DNS_CAPTURE: "true"
- {{- end }}
- values:
- gateways:
- istio-egressgateway:
- name: istio-egressgateway
- type: {{ .Values.egressGateways.type }}
- istio-ingressgateway:
- name: istio-ingressgateway
- type: {{ .Values.ingressGateways.type }}
- global:
- istioNamespace: {{ template "istio.namespace" . }}
- proxy:
- image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}
- proxy_init:
- image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}
- {{- if .Values.global.defaultPodDisruptionBudget.enabled }}
- defaultPodDisruptionBudget:
- enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }}
- {{- end }}
- {{- if .Values.pilot.enabled }}
- pilot:
- image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }}
- {{- end }}
- telemetry:
- enabled: {{ .Values.telemetry.enabled }}
- v2:
- enabled: {{ .Values.telemetry.v2.enabled }}
- {{- if .Values.cni.enabled }}
- cni:
- image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }}
- excludeNamespaces:
- {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }}
- logLevel: {{ .Values.cni.logLevel }}
- {{- end }}
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/requirements.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/requirements.yaml
deleted file mode 100644
index 943a08326..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/requirements.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-dependencies:
-- condition: kiali.enabled
- name: kiali
- repository: file://./charts/kiali
-- condition: tracing.enabled
- name: tracing
- repository: file://./charts/tracing
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/samples/overlay-example.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/samples/overlay-example.yaml
deleted file mode 100644
index 5cf3cf3b0..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/samples/overlay-example.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: install.istio.io/v1alpha1
-kind: IstioOperator
-spec:
- components:
- ingressGateways:
- - enabled: true
- name: ilb-gateway
- namespace: user-ingressgateway-ns
- k8s:
- resources:
- requests:
- cpu: 200m
- service:
- ports:
- - name: tcp-citadel-grpc-tls
- port: 8060
- targetPort: 8060
- - name: tcp-dns
- port: 5353
- serviceAnnotations:
- cloud.google.com/load-balancer-type: internal
- - enabled: true
- name: other-gateway
- namespace: cattle-istio-system
- k8s:
- resources:
- requests:
- cpu: 200m
- service:
- ports:
- - name: tcp-citadel-grpc-tls
- port: 8060
- targetPort: 8060
- - name: tcp-dns
- port: 5353
- serviceAnnotations:
- cloud.google.com/load-balancer-type: internal
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/_helpers.tpl b/packages/rancher-istio/1.12/rancher-istio/charts/templates/_helpers.tpl
deleted file mode 100644
index 30b429a80..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/_helpers.tpl
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/* Ensure namespace is set the same everywhere */}}
-{{- define "istio.namespace" -}}
- {{- .Release.Namespace | default "istio-system" -}}
-{{- end -}}
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.cattle.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
- value: "linux"
- effect: "NoSchedule"
- operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-kubernetes.io/os: linux
-{{- end -}}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/admin-role.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/admin-role.yaml
deleted file mode 100644
index ad1313c4f..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/admin-role.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- rbac.authorization.k8s.io/aggregate-to-admin: "true"
- name: istio-admin
- namespace: {{ template "istio.namespace" . }}
-rules:
- - apiGroups:
- - config.istio.io
- resources:
- - adapters
- - attributemanifests
- - handlers
- - httpapispecbindings
- - httpapispecs
- - instances
- - quotaspecbindings
- - quotaspecs
- - rules
- - templates
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - networking.istio.io
- resources:
- - destinationrules
- - envoyfilters
- - gateways
- - serviceentries
- - sidecars
- - virtualservices
- - workloadentries
- verbs:
- - '*'
- - apiGroups:
- - security.istio.io
- resources:
- - authorizationpolicies
- - peerauthentications
- - requestauthentications
- verbs:
- - '*'
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/base-config-map.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/base-config-map.yaml
deleted file mode 100644
index 5323917bc..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/base-config-map.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-installer-base
- namespace: {{ template "istio.namespace" . }}
-data:
-{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/clusterrole.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/clusterrole.yaml
deleted file mode 100644
index d8c6b40a4..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/clusterrole.yaml
+++ /dev/null
@@ -1,132 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-installer
-rules:
-# istio groups
-- apiGroups:
- - extensions.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - authentication.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - config.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - install.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - networking.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - rbac.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - security.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - telemetry.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-# k8s groups
-- apiGroups:
- - admissionregistration.k8s.io
- resources:
- - mutatingwebhookconfigurations
- - validatingwebhookconfigurations
- verbs:
- - '*'
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions.apiextensions.k8s.io
- - customresourcedefinitions
- verbs:
- - '*'
-- apiGroups:
- - apps
- - extensions
- resources:
- - daemonsets
- - deployments
- - deployments/finalizers
- - ingresses
- - replicasets
- - statefulsets
- verbs:
- - '*'
-- apiGroups:
- - autoscaling
- resources:
- - horizontalpodautoscalers
- verbs:
- - '*'
-- apiGroups:
- - monitoring.coreos.com
- resources:
- - servicemonitors
- verbs:
- - get
- - create
-- apiGroups:
- - policy
- resources:
- - poddisruptionbudgets
- verbs:
- - '*'
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - clusterrolebindings
- - clusterroles
- - roles
- - rolebindings
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - configmaps
- - endpoints
- - events
- - namespaces
- - pods
- - pods/exec
- - persistentvolumeclaims
- - secrets
- - services
- - serviceaccounts
- verbs:
- - '*'
-- apiGroups:
- - policy
- resourceNames:
- - istio-installer
- resources:
- - podsecuritypolicies
- verbs:
- - use
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/clusterrolebinding.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/clusterrolebinding.yaml
deleted file mode 100644
index 9d74a0434..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-installer
-subjects:
-- kind: ServiceAccount
- name: istio-installer
- namespace: {{ template "istio.namespace" . }}
-roleRef:
- kind: ClusterRole
- name: istio-installer
- apiGroup: rbac.authorization.k8s.io
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/edit-role.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/edit-role.yaml
deleted file mode 100644
index d1059d58d..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/edit-role.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- rbac.authorization.k8s.io/aggregate-to-edit: "true"
- namespace: {{ template "istio.namespace" . }}
- name: istio-edit
-rules:
- - apiGroups:
- - config.istio.io
- resources:
- - adapters
- - attributemanifests
- - handlers
- - httpapispecbindings
- - httpapispecs
- - instances
- - quotaspecbindings
- - quotaspecs
- - rules
- - templates
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - networking.istio.io
- resources:
- - destinationrules
- - envoyfilters
- - gateways
- - serviceentries
- - sidecars
- - virtualservices
- - workloadentries
- verbs:
- - '*'
- - apiGroups:
- - security.istio.io
- resources:
- - authorizationpolicies
- - peerauthentications
- - requestauthentications
- verbs:
- - '*'
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-cni-psp.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-cni-psp.yaml
deleted file mode 100644
index 5b94c8503..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-cni-psp.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: psp-istio-cni
- namespace: {{ template "istio.namespace" . }}
-spec:
- allowPrivilegeEscalation: true
- fsGroup:
- rule: RunAsAny
- hostNetwork: true
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - secret
- - configMap
- - emptyDir
- - hostPath
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: psp-istio-cni
- namespace: {{ template "istio.namespace" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: psp-istio-cni
-subjects:
- - kind: ServiceAccount
- name: istio-cni
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: psp-istio-cni
- namespace: {{ template "istio.namespace" . }}
-rules:
-- apiGroups:
- - policy
- resourceNames:
- - psp-istio-cni
- resources:
- - podsecuritypolicies
- verbs:
- - use
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-install-job.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-install-job.yaml
deleted file mode 100644
index c2e362e68..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-install-job.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istioctl-installer
- namespace: {{ template "istio.namespace" . }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-spec:
- backoffLimit: 1
- template:
- spec:
- {{- if .Values.installer.releaseMirror.enabled }}
- hostAliases:
- - ip: "127.0.0.1"
- hostnames:
- - "github.com"
- {{- end }}
- containers:
- - name: istioctl-installer
- image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
- env:
- - name: RELEASE_NAME
- value: {{ .Release.Name }}
- - name: ISTIO_NAMESPACE
- value: {{ template "istio.namespace" . }}
- - name: FORCE_INSTALL
- value: {{ .Values.forceInstall | default "false" | quote }}
- - name: RELEASE_MIRROR_ENABLED
- value: {{ .Values.installer.releaseMirror.enabled | quote }}
- - name: SECONDS_SLEEP
- value: {{ .Values.installer.debug.secondsSleep | quote}}
- command: ["/bin/sh","-c"]
- args: ["/usr/local/app/scripts/run.sh"]
- volumeMounts:
- - name: config-volume
- mountPath: /app/istio-base.yaml
- subPath: istio-base.yaml
- {{- if .Values.overlayFile }}
- - name: overlay-volume
- mountPath: /app/overlay-config.yaml
- subPath: overlay-config.yaml
- {{- end }}
- volumes:
- - name: config-volume
- configMap:
- name: istio-installer-base
- {{- if .Values.overlayFile }}
- - name: overlay-volume
- configMap:
- name: istio-installer-overlay
- {{- end }}
- serviceAccountName: istio-installer
- nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
- securityContext:
- runAsUser: 499
- runAsGroup: 487
- restartPolicy: Never
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-install-psp.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-install-psp.yaml
deleted file mode 100644
index f0b5ee565..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-install-psp.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: istio-installer
- namespace: {{ template "istio.namespace" . }}
-spec:
- privileged: false
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- rule: 'MustRunAsNonRoot'
- seLinux:
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- - min: 1
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
- volumes:
- - 'configMap'
- - 'secret'
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-psp.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-psp.yaml
deleted file mode 100644
index b3758b74f..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-psp.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: istio-psp
- namespace: {{ template "istio.namespace" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: istio-psp
-subjects:
- - kind: ServiceAccount
- name: istio-egressgateway-service-account
- - kind: ServiceAccount
- name: istio-ingressgateway-service-account
- - kind: ServiceAccount
- name: istio-mixer-service-account
- - kind: ServiceAccount
- name: istio-operator-authproxy
- - kind: ServiceAccount
- name: istiod-service-account
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- - kind: ServiceAccount
- name: istiocoredns-service-account
- - kind: ServiceAccount
- name: default
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: istio-psp
- namespace: {{ template "istio.namespace" . }}
-rules:
-- apiGroups:
- - policy
- resourceNames:
- - istio-psp
- resources:
- - podsecuritypolicies
- verbs:
- - use
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: istio-psp
- namespace: {{ template "istio.namespace" . }}
-spec:
- allowPrivilegeEscalation: false
- forbiddenSysctls:
- - '*'
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: MustRunAsNonRoot
- runAsGroup:
- rule: MustRunAs
- ranges:
- - min: 1
- max: 65535
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- - persistentVolumeClaim
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-uninstall-job.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-uninstall-job.yaml
deleted file mode 100644
index 0091d0c17..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/istio-uninstall-job.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istioctl-uninstaller
- namespace: {{ template "istio.namespace" . }}
- annotations:
- "helm.sh/hook": pre-delete
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded
-spec:
- template:
- spec:
- containers:
- - name: istioctl-uninstaller
- image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
- env:
- - name: RELEASE_NAME
- value: {{ .Release.Name }}
- - name: ISTIO_NAMESPACE
- value: {{ template "istio.namespace" . }}
- command: ["/bin/sh","-c"]
- args: ["/usr/local/app/scripts/uninstall_istio_system.sh"]
- volumeMounts:
- - name: config-volume
- mountPath: /app/istio-base.yaml
- subPath: istio-base.yaml
- {{- if .Values.overlayFile }}
- - name: overlay-volume
- mountPath: /app/overlay-config.yaml
- subPath: overlay-config.yaml
- {{ end }}
- volumes:
- - name: config-volume
- configMap:
- name: istio-installer-base
- {{- if .Values.overlayFile }}
- - name: overlay-volume
- configMap:
- name: istio-installer-overlay
- {{ end }}
- serviceAccountName: istio-installer
- nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
- securityContext:
- runAsUser: 101
- runAsGroup: 101
- restartPolicy: OnFailure
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/overlay-config-map.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/overlay-config-map.yaml
deleted file mode 100644
index 287d26b2c..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/overlay-config-map.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if .Values.overlayFile }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-installer-overlay
- namespace: {{ template "istio.namespace" . }}
-data:
- overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }}
-{{- end }}
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/service-monitors.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/service-monitors.yaml
deleted file mode 100644
index c3d60c4fc..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/service-monitors.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{- if .Values.kiali.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: envoy-stats-monitor
- namespace: {{ template "istio.namespace" . }}
- labels:
- monitoring: istio-proxies
-spec:
- selector:
- matchExpressions:
- - {key: istio-prometheus-ignore, operator: DoesNotExist}
- namespaceSelector:
- any: true
- jobLabel: envoy-stats
- endpoints:
- - path: /stats/prometheus
- targetPort: 15090
- interval: 15s
- relabelings:
- - sourceLabels: [__meta_kubernetes_pod_container_port_name]
- action: keep
- regex: '.*-envoy-prom'
- - action: labeldrop
- regex: "__meta_kubernetes_pod_label_(.+)"
- - sourceLabels: [__meta_kubernetes_namespace]
- action: replace
- targetLabel: namespace
- - sourceLabels: [__meta_kubernetes_pod_name]
- action: replace
- targetLabel: pod_name
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: istio-component-monitor
- namespace: {{ template "istio.namespace" . }}
- labels:
- monitoring: istio-components
-spec:
- jobLabel: istio
- targetLabels: [app]
- selector:
- matchExpressions:
- - {key: istio, operator: In, values: [pilot]}
- namespaceSelector:
- any: true
- endpoints:
- - port: http-monitoring
- interval: 15s
-{{- end -}}
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/serviceaccount.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/serviceaccount.yaml
deleted file mode 100644
index 82b6cbb7e..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-installer
- namespace: {{ template "istio.namespace" . }}
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/templates/view-role.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/templates/view-role.yaml
deleted file mode 100644
index 5947d3eba..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/templates/view-role.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- rbac.authorization.k8s.io/aggregate-to-view: "true"
- namespace: {{ template "istio.namespace" . }}
- name: istio-view
-rules:
- - apiGroups:
- - config.istio.io
- resources:
- - adapters
- - attributemanifests
- - handlers
- - httpapispecbindings
- - httpapispecs
- - instances
- - quotaspecbindings
- - quotaspecs
- - rules
- - templates
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - networking.istio.io
- resources:
- - destinationrules
- - envoyfilters
- - gateways
- - serviceentries
- - sidecars
- - virtualservices
- - workloadentries
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - security.istio.io
- resources:
- - authorizationpolicies
- - peerauthentications
- - requestauthentications
- verbs: ["get", "watch", "list"]
diff --git a/packages/rancher-istio/1.12/rancher-istio/charts/values.yaml b/packages/rancher-istio/1.12/rancher-istio/charts/values.yaml
deleted file mode 100644
index f111fcbd0..000000000
--- a/packages/rancher-istio/1.12/rancher-istio/charts/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@ -overlayFile: "" -tag: 1.12.6 -##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install -forceInstall: false - -installer: - repository: rancher/istio-installer - tag: 1.12.6-rancher3 - ##releaseMirror are configurations for istio upgrades. - ##Setting releaseMirror.enabled: true will cause istio to use bundled in images from rancher/istio-installer to perfom an upgrade - this is ideal - ##for airgap setups. Setting releaseMirror.enabled to false means istio will call externally to github to fetch the required assets. - releaseMirror: - enabled: false - - ##Set the secondsSleep to run a sleep command `sleep s` to allow time to exec into istio-installer pod for debugging - debug: - secondsSleep: 0 - -##Native support for dns added in 1.8 -dns: - enabled: false - -base: - enabled: true - -cni: - enabled: false - repository: rancher/mirrored-istio-install-cni - tag: 1.12.6 - logLevel: info - excludeNamespaces: - - istio-system - - kube-system - -egressGateways: - enabled: false - type: NodePort - -ingressGateways: - enabled: true - type: NodePort - -istiodRemote: - enabled: false - -pilot: - enabled: true - repository: rancher/mirrored-istio-pilot - tag: 1.12.6 - -telemetry: - enabled: true - v2: - enabled: true - -global: - cattle: - systemDefaultRegistry: "" - proxy: - repository: rancher/mirrored-istio-proxyv2 - tag: 1.12.6 - proxy_init: - repository: rancher/mirrored-istio-proxyv2 - tag: 1.12.6 - defaultPodDisruptionBudget: - enabled: true - rbac: - pspEnabled: true - -# Kiali subchart from rancher-kiali-server -kiali: - enabled: true - auth: - strategy: anonymous - deployment: - ingress_enabled: false - external_services: - prometheus: - custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" - url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" - tracing: - in_cluster_url: 
"http://tracing.istio-system.svc:16686/jaeger" - use_grpc: false - grafana: - in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" - url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" - -tracing: - enabled: false - contextPath: "/jaeger" - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] diff --git a/packages/rancher-istio/1.12/rancher-istio/generated-changes/dependencies/kiali/dependency.yaml b/packages/rancher-istio/1.12/rancher-istio/generated-changes/dependencies/kiali/dependency.yaml deleted file mode 100644 index 90d471254..000000000 --- a/packages/rancher-istio/1.12/rancher-istio/generated-changes/dependencies/kiali/dependency.yaml +++ /dev/null @@ -1,2 +0,0 @@ -workingDir: "" -url: packages/rancher-istio/1.12/rancher-kiali-server diff --git a/packages/rancher-istio/1.12/rancher-istio/generated-changes/dependencies/tracing/dependency.yaml b/packages/rancher-istio/1.12/rancher-istio/generated-changes/dependencies/tracing/dependency.yaml deleted file mode 100644 index dd61d79fe..000000000 --- a/packages/rancher-istio/1.12/rancher-istio/generated-changes/dependencies/tracing/dependency.yaml +++ /dev/null @@ -1,2 +0,0 @@ -workingDir: "" -url: packages/rancher-istio/1.12/rancher-tracing diff --git a/packages/rancher-istio/1.12/rancher-istio/package.yaml b/packages/rancher-istio/1.12/rancher-istio/package.yaml deleted file mode 100644 index 8211cfd66..000000000 --- a/packages/rancher-istio/1.12/rancher-istio/package.yaml +++ /dev/null @@ -1,2 +0,0 @@ -url: local -version: 100.2.1+up1.12.6 diff --git a/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/overlay/templates/psp.yaml b/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/overlay/templates/psp.yaml deleted file mode 100644 index f891892cc..000000000 
--- a/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/overlay/templates/psp.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "kiali-server.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "kiali-server.fullname" . }}-psp
-subjects:
- - kind: ServiceAccount
- name: kiali
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "kiali-server.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
-rules:
-- apiGroups:
- - policy
- resourceNames:
- - {{ include "kiali-server.fullname" . }}-psp
- resources:
- - podsecuritypolicies
- verbs:
- - use
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ include "kiali-server.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
-spec:
- allowPrivilegeEscalation: false
- forbiddenSysctls:
- - '*'
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: MustRunAsNonRoot
- runAsGroup:
- rule: MustRunAs
- ranges:
- - min: 1
- max: 65535
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- - persistentVolumeClaim
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/overlay/templates/web-root-configmap.yaml b/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/overlay/templates/web-root-configmap.yaml
deleted file mode 100644
index 970d4e4f5..000000000
--- a/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/overlay/templates/web-root-configmap.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.web_root_override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali-console
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kiali-server.labels" . | nindent 4 }}
-data:
- env.js: |
- window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali';
-{{- end }}
diff --git a/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/patch/Chart.yaml.patch b/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/patch/Chart.yaml.patch
deleted file mode 100644
index 452a47cd5..000000000
--- a/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/patch/Chart.yaml.patch
+++ /dev/null
@@ -1,31 +0,0 @@
---- charts-original/Chart.yaml
-+++ charts/Chart.yaml
-@@ -1,17 +1,26 @@
-+annotations:
-+ catalog.cattle.io/hidden: "true"
-+ catalog.cattle.io/os: linux
-+ catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1
-+ catalog.rancher.io/namespace: cattle-istio-system
-+ catalog.rancher.io/release-name: rancher-kiali-server
- apiVersion: v2
- appVersion: v1.44.0
- description: Kiali is an open source project for service mesh observability, refer
-- to https://www.kiali.io for details.
-+ to https://www.kiali.io for details. This is installed as sub-chart with customized
-+ values in Rancher's Istio.
- home: https://github.com/kiali/kiali
- icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png
- keywords:
- - istio
- - kiali
-+- networking
-+- infrastructure
- maintainers:
- - email: kiali-users@googlegroups.com
- name: Kiali
- url: https://kiali.io
--name: kiali-server
-+name: rancher-kiali-server
- sources:
- - https://github.com/kiali/kiali
- - https://github.com/kiali/kiali-ui
diff --git a/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/patch/templates/_helpers.tpl.patch b/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/patch/templates/_helpers.tpl.patch
deleted file mode 100644
index 08f76c6e7..000000000
--- a/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/patch/templates/_helpers.tpl.patch
+++ /dev/null
@@ -1,49 +0,0 @@
---- charts-original/templates/_helpers.tpl
-+++ charts/templates/_helpers.tpl
-@@ -50,8 +50,15 @@
- Selector labels
- */}}
- {{- define "kiali-server.selectorLabels" -}}
-+{{- $releaseName := .Release.Name -}}
-+{{- $fullName := include "kiali-server.fullname" . -}}
-+{{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace $fullName) -}}
- app.kubernetes.io/name: kiali
--app.kubernetes.io/instance: {{ include "kiali-server.fullname" . }}
-+{{- if (and .Release.IsUpgrade $deployment)}}
-+app.kubernetes.io/instance: {{ (get (($deployment).metadata.labels) "app.kubernetes.io/instance") | default $fullName }}
-+{{- else }}
-+app.kubernetes.io/instance: {{ $fullName }}
-+{{- end }}
- {{- end }}
-
- {{/*
-@@ -170,4 +177,27 @@
- {{- else }}
- {{- .Release.Namespace }}
- {{- end }}
--{{- end }}
-\ No newline at end of file
-+{{- end }}
-+
-+{{- define "system_default_registry" -}}
-+{{- if .Values.global.cattle.systemDefaultRegistry -}}
-+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
-+{{- else -}}
-+{{- "" -}}
-+{{- end -}}
-+{{- end -}}
-+
-+{{/*
-+Windows cluster will add default taint for linux nodes,
-+add below linux tolerations to workloads could be scheduled to those linux nodes
-+*/}}
-+{{- define "linux-node-tolerations" -}}
-+- key: "cattle.io/os"
-+ value: "linux"
-+ effect: "NoSchedule"
-+ operator: "Equal"
-+{{- end -}}
-+
-+{{- define "linux-node-selector" -}}
-+kubernetes.io/os: linux
-+{{- end -}}
diff --git a/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/patch/templates/deployment.yaml.patch b/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/patch/templates/deployment.yaml.patch
deleted file mode 100644
index d1ed69f21..000000000
--- a/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/patch/templates/deployment.yaml.patch
+++ /dev/null
@@ -1,59 +0,0 @@ ---- charts-original/templates/deployment.yaml -+++ charts/templates/deployment.yaml -@@ -53,7 +53,7 @@ - {{- toYaml .Values.deployment.host_aliases | nindent 6 }} - {{- end }} - containers: -- - image: "{{ .Values.deployment.image_name }}{{ if .Values.deployment.image_digest }}@{{ .Values.deployment.image_digest }}{{ end }}:{{ .Values.deployment.image_version }}" -+ - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}{{ if .Values.deployment.image_digest }}@{{ .Values.deployment.image_digest }}{{ end }}:{{ .Values.deployment.tag }}" - imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} - name: {{ include "kiali-server.fullname" . }} - command: -@@ -108,6 +108,11 @@ - - name: LOG_SAMPLER_RATE - value: "{{ .Values.deployment.logger.sampler_rate }}" - volumeMounts: -+ {{- if .Values.web_root_override }} -+ - name: kiali-console -+ subPath: env.js -+ mountPath: /opt/kiali/console/env.js -+ {{- end }} - - name: {{ include "kiali-server.fullname" . }}-configuration - mountPath: "/kiali-configuration" - - name: {{ include "kiali-server.fullname" . }}-cert -@@ -125,6 +130,14 @@ - {{- toYaml .Values.deployment.resources | nindent 10 }} - {{- end }} - volumes: -+ {{- if .Values.web_root_override }} -+ - name: kiali-console -+ configMap: -+ name: kiali-console -+ items: -+ - key: env.js -+ path: env.js -+ {{- end }} - - name: {{ include "kiali-server.fullname" . }}-configuration - configMap: - name: {{ include "kiali-server.fullname" . }} -@@ -169,12 +182,12 @@ - {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} - {{- end }} - {{- end }} -- {{- if .Values.deployment.tolerations }} -- tolerations: -- {{- toYaml .Values.deployment.tolerations | nindent 8 }} -- {{- end }} -- {{- if .Values.deployment.node_selector }} -- nodeSelector: -- {{- toYaml .Values.deployment.node_selector | nindent 8 }} -- {{- end }} -+ tolerations: {{ include "linux-node-tolerations" . 
| nindent 8 }} -+{{- if .Values.deployment.tolerations }} -+{{ toYaml .Values.deployment.tolerations | indent 8 }} -+{{- end }} -+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -+{{- if .Values.deployment.node_selector }} -+{{ toYaml .Values.deployment.node_selector | indent 8 }} -+{{- end }} - ... diff --git a/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/patch/values.yaml.patch b/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/patch/values.yaml.patch deleted file mode 100644 index 8ffdc82f2..000000000 --- a/packages/rancher-istio/1.12/rancher-kiali-server/generated-changes/patch/values.yaml.patch +++ /dev/null 
@@ -1,39 +0,0 @@
---- charts-original/values.yaml
-+++ charts/values.yaml
-@@ -13,6 +13,9 @@
- # do this, a PR would be welcome.
- kiali_route_url: ""
-
-+# rancher specific override that allows proxy access to kiali url
-+web_root_override: true
-+
- #
- # Settings that mimic the Kiali CR which are placed in the ConfigMap.
- # Note that only those values used by the Helm Chart will be here.
-@@ -41,10 +44,10 @@
- api_version: "autoscaling/v2beta2"
- spec: {}
- image_digest: "" # use "sha256" if image_version is a sha256 hash (do NOT prefix this value with a "@")
-- image_name: quay.io/kiali/kiali
-+ repository: rancher/mirrored-kiali-kiali
- image_pull_policy: "Always"
- image_pull_secrets: []
-- image_version: v1.44.0 # version like "v1.39" (see: https://quay.io/repository/kiali/kiali?tab=tags) or a digest hash
-+ tag: v1.44.0 # version like "v1.39" (see: https://quay.io/repository/kiali/kiali?tab=tags) or a digest hash
- ingress:
- additional_labels: {}
- class_name: "nginx"
-@@ -101,3 +104,13 @@
- metrics_enabled: true
- metrics_port: 9090
- web_root: ""
-+
-+# Common settings used among istio subcharts.
-+global:
-+ # Specify rancher clusterId of external tracing config
-+ # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032
-+ cattle:
-+ systemDefaultRegistry: ""
-+ clusterId:
-+ rbac:
-+ pspEnabled: false
diff --git a/packages/rancher-istio/1.12/rancher-kiali-server/package.yaml b/packages/rancher-istio/1.12/rancher-kiali-server/package.yaml
deleted file mode 100644
index 98d9b9023..000000000
--- a/packages/rancher-istio/1.12/rancher-kiali-server/package.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-url: https://kiali.org/helm-charts/kiali-server-1.44.0.tgz
-version: 100.0.0
-doNotRelease: true
\ No newline at end of file
diff --git a/packages/rancher-istio/1.12/rancher-tracing/charts/.helmignore b/packages/rancher-istio/1.12/rancher-tracing/charts/.helmignore
deleted file mode 100644
index 0e8a0eb36..000000000
--- a/packages/rancher-istio/1.12/rancher-tracing/charts/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/packages/rancher-istio/1.12/rancher-tracing/charts/Chart.yaml b/packages/rancher-istio/1.12/rancher-tracing/charts/Chart.yaml
deleted file mode 100644
index 7042045e3..000000000
--- a/packages/rancher-istio/1.12/rancher-tracing/charts/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-annotations:
- catalog.cattle.io/hidden: "true"
- catalog.cattle.io/os: linux
- catalog.rancher.io/certified: rancher
- catalog.rancher.io/namespace: istio-system
- catalog.rancher.io/release-name: rancher-tracing
-apiVersion: v1
-appVersion: 1.32.0
-description: A quick start Jaeger Tracing installation using the all-in-one demo.
- This is not production qualified. Refer to https://www.jaegertracing.io/ for details.
-name: rancher-tracing
-version: 1.32.0
diff --git a/packages/rancher-istio/1.12/rancher-tracing/charts/README.md b/packages/rancher-istio/1.12/rancher-tracing/charts/README.md
deleted file mode 100644
index 25534c628..000000000
--- a/packages/rancher-istio/1.12/rancher-tracing/charts/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# Jaeger
-
-A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices.
-
-> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs.
diff --git a/packages/rancher-istio/1.12/rancher-tracing/charts/templates/_affinity.tpl b/packages/rancher-istio/1.12/rancher-tracing/charts/templates/_affinity.tpl
deleted file mode 100644
index bf6a9aee5..000000000
--- a/packages/rancher-istio/1.12/rancher-tracing/charts/templates/_affinity.tpl
+++ /dev/null
@@ -1,92 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} -{{- define "nodeAffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/packages/rancher-istio/1.12/rancher-tracing/charts/templates/_helpers.tpl b/packages/rancher-istio/1.12/rancher-tracing/charts/templates/_helpers.tpl deleted file mode 100644 index 09c6b0546..000000000 --- a/packages/rancher-istio/1.12/rancher-tracing/charts/templates/_helpers.tpl +++ /dev/null 
@@ -1,47 +0,0 @@
-{{- define "system_default_registry" -}}
-{{- if .Values.global.cattle.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "tracing.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "tracing.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
- value: "linux"
- effect: "NoSchedule"
- operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-kubernetes.io/os: linux
-{{- end -}}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.12/rancher-tracing/charts/templates/deployment.yaml b/packages/rancher-istio/1.12/rancher-tracing/charts/templates/deployment.yaml
deleted file mode 100644
index 59928735f..000000000
--- a/packages/rancher-istio/1.12/rancher-tracing/charts/templates/deployment.yaml
+++ /dev/null
@@ -1,94 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: {{ .Values.provider }} - template: - metadata: - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: - containers: - - name: jaeger - image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - env: - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HOST_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeAffinity" . | indent 6 }} - {{- include "podAntiAffinity" . 
| indent 6 }} - {{- if .Values.global.rbac.pspEnabled }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: {{ include "tracing.fullname" . }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persistentVolumeClaim.enabled }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} diff --git a/packages/rancher-istio/1.12/rancher-tracing/charts/templates/psp.yaml b/packages/rancher-istio/1.12/rancher-tracing/charts/templates/psp.yaml deleted file mode 100644 index 44b230492..000000000 --- a/packages/rancher-istio/1.12/rancher-tracing/charts/templates/psp.yaml +++ /dev/null 
@@ -1,86 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "tracing.fullname" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ include "tracing.fullname" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups:
- - policy
- resourceNames:
- - {{ include "tracing.fullname" . }}
- resources:
- - podsecuritypolicies
- verbs:
- - use
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ include "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- allowPrivilegeEscalation: false
- forbiddenSysctls:
- - '*'
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: MustRunAsNonRoot
- runAsGroup:
- rule: MustRunAs
- ranges:
- - min: 1
- max: 65535
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - emptyDir
- - secret
- - persistentVolumeClaim
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.12/rancher-tracing/charts/templates/pvc.yaml b/packages/rancher-istio/1.12/rancher-tracing/charts/templates/pvc.yaml
deleted file mode 100644
index 9b4c55e4f..000000000
--- a/packages/rancher-istio/1.12/rancher-tracing/charts/templates/pvc.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.jaeger.persistentVolumeClaim.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-jaeger-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
-spec:
- storageClassName: {{ .Values.jaeger.storageClassName }}
- accessModes:
- - {{ .Values.jaeger.accessMode }}
- resources:
- requests:
- storage: {{.Values.jaeger.persistentVolumeClaim.storage }}
-{{- end }}
diff --git a/packages/rancher-istio/1.12/rancher-tracing/charts/templates/service.yaml b/packages/rancher-istio/1.12/rancher-tracing/charts/templates/service.yaml
deleted file mode 100644
index 4210a9b5f..000000000
--- a/packages/rancher-istio/1.12/rancher-tracing/charts/templates/service.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: tracing
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: {{ .Values.service.name }}
- port: {{ .Values.service.externalPort }}
- protocol: TCP
- targetPort: 16686
- selector:
- app: {{ .Values.provider }}
----
-# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin.
-apiVersion: v1
-kind: Service
-metadata:
- name: zipkin
- namespace: {{ .Release.Namespace }}
- labels:
- name: zipkin
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- ports:
- - name: {{ .Values.service.name }}
- port: {{ .Values.zipkin.queryPort }}
- targetPort: {{ .Values.zipkin.queryPort }}
- selector:
- app: {{ .Values.provider }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: jaeger-collector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: ClusterIP
- ports:
- - name: jaeger-collector-http
- port: 14268
- targetPort: 14268
- protocol: TCP
- - name: jaeger-collector-grpc
- port: 14250
- targetPort: 14250
- protocol: TCP
- selector:
- app: {{ .Values.provider }}
diff --git a/packages/rancher-istio/1.12/rancher-tracing/charts/values.yaml b/packages/rancher-istio/1.12/rancher-tracing/charts/values.yaml
deleted file mode 100644
index d01450233..000000000
--- a/packages/rancher-istio/1.12/rancher-tracing/charts/values.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-provider: jaeger
-contextPath: ""
-## Node labels for pod assignment
-## Ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-## List of node taints to tolerate (requires Kubernetes >= 1.6)
-tolerations: []
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-nameOverride: ""
-fullnameOverride: ""
-
-global:
- cattle:
- systemDefaultRegistry: ""
- defaultResources: {}
- imagePullPolicy: IfNotPresent
- imagePullSecrets: []
- arch:
- amd64: 2
- s390x: 2
- ppc64le: 2
- defaultNodeSelector:
- kubernetes.io/os: linux
- rbac:
- pspEnabled: false
-
-jaeger:
- repository: rancher/mirrored-jaegertracing-all-in-one
- tag: 1.32.0
- # spanStorageType value can be "memory" and "badger" for all-in-one image
- spanStorageType: badger
- resources:
- requests:
- cpu: 10m
- persistentVolumeClaim:
- enabled: false
- storage: 5Gi
- storageClassName: ""
- accessMode: ReadWriteMany
- memory:
- max_traces: 50000
-zipkin:
- queryPort: 9411
-service:
- annotations: {}
- name: http-query
- type: ClusterIP
- externalPort: 16686
diff --git a/packages/rancher-istio/1.12/rancher-tracing/package.yaml b/packages/rancher-istio/1.12/rancher-tracing/package.yaml
deleted file mode 100644
index 2ba0a939c..000000000
--- a/packages/rancher-istio/1.12/rancher-tracing/package.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-url: local
-version: 100.0.0
-doNotRelease: true
\ No newline at end of file
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/Chart.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/Chart.yaml
deleted file mode 100644
index 778a043be..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-annotations:
- catalog.cattle.io/certified: rancher
- catalog.cattle.io/display-name: Istio
- catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.24.0-0'
- catalog.cattle.io/namespace: istio-system
- catalog.cattle.io/os: linux
- catalog.cattle.io/permits-os: linux,windows
- catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0'
- catalog.cattle.io/release-name: rancher-istio
- catalog.cattle.io/requests-cpu: 710m
- catalog.cattle.io/requests-memory: 2314Mi
- catalog.cattle.io/type: cluster-tool
- catalog.cattle.io/ui-component: istio
- catalog.cattle.io/upstream-version: 1.13.3
-apiVersion: v1
-appVersion: 1.13.3
-description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/
- for details.
-icon: https://charts.rancher.io/assets/logos/istio.svg
-keywords:
-- networking
-- infrastructure
-name: rancher-istio
-version: 1.13.3
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/README.md b/packages/rancher-istio/1.13/rancher-istio/charts/README.md
deleted file mode 100644
index 2230c6185..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/README.md
+++ /dev/null
@@ -1,79 +0,0 @@ -# Rancher-Istio Chart - -Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. - -See the app-readme for known issues and deprecations. - -## Installation Requirements - -#### Chart Dependencies -- rancher-monitoring chart or other Prometheus installation - -#### Install -To install the rancher-istio chart with helm, use the following command: -``` -helm install rancher-istio --create-namespace -n istio-system -``` - -#### Uninstall -To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see chart dependencies for list of dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. - -**If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:** -`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` - -## Addons -The addons that are included with rancher-istio are: - -- Kiali -- Jaeger - -Each addon has additional customization and dependencies required for them to work as expected. Use the values.yaml to customize or to enable/disable each addon. -### Kiali Addon - -Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. - -#### Kiali Dependencies -##### rancher-monitoring chart or other Prometheus installation - -This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. 
- -#### Prometheus Configuration for Kiali -> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. - -The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. - -To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. - -1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. -1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. - -#### Kiali External Services - -The external services that can be configured in Kiali are: Prometheus, Grafana and Tracing. - -##### Prometheus -The `kiali.external_services.prometheus` url is set in the values.yaml: -``` -http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} -``` -The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. - -##### Grafana -The `kiali.external_services.grafana` url is set in the values.yaml: -``` -http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} -``` -The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. 
- -##### Tracing -The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: -``` -http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} -``` -The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. - -## Jaeger Addon - -Jaeger allows you to trace and monitor distributed microservices. - -> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/app-readme.md b/packages/rancher-istio/1.13/rancher-istio/charts/app-readme.md deleted file mode 100644 index d5ebeedec..000000000 --- a/packages/rancher-istio/1.13/rancher-istio/charts/app-readme.md +++ /dev/null 
@@ -1,43 +0,0 @@ -# Rancher Istio - -Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: -* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh -* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed system. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). -## Warnings -- Upgrading across more than two minor versions (e.g., 1.6.x to 1.9.x) in one step is not officially tested or recommended. See [Istio upgrade docs](https://istio.io/latest/docs/setup/upgrade/) for more details. - -## Known Issues - -#### Airgapped Environments -**A temporary fix has been added to this chart to allow upgrades to succeed in an airgapped environment. See [this issue](https://github.com/rancher/rancher/issues/30842) for details.** We are still advocating for an upstream fix in Istio to formally resolve this issue. The root cause is the Istio Operator upgrade command reaches out to an external repo on upgrades and the external repo is not configurable. We are tracking the fix for this issue [here](https://github.com/rancher/rancher/issues/33402) - -#### Installing Istio with CNI component enabled on RHEL 8.4 SElinux enabled cluster. -To install istio with CNI enabled, e.g. when cluster has a default PSP set to "restricted", on a cluster using nodes with RHEL 8.4 SElinux enabled, run the following command on each cluster node before creating a cluster. -`mkdir -p /var/run/istio-cni && semanage fcontext -a -t container_file_t /var/run/istio-cni && restorecon -v /var/run/istio-cni` -See [this issue](https://github.com/rancher/rancher/issues/33291) for details. 
- -## Deprecations - -#### v1alpha1 security policies -As of 1.6, Istio removed support for `v1alpha1` security policies resource and replaced the API with `v1beta1` authorization policies. https://istio.io/latest/docs/reference/config/security/authorization-policy/ - -If you are currently running rancher-istio <= 1.7.x, you need to migrate any existing `v1alpha1` security policies to `v1beta1` authorization policies prior to upgrading to the next minor version. - -> **Note:** If you attempt to upgrade prior to migrating your policy resources, you might see errors similar to: -``` -Error: found 6 CRD of unsupported v1alpha1 security policy -``` -``` - Error: found 1 unsupported v1alpha1 security policy - ``` - ``` - Control Plane - policy pod - istio-policy - version: x.x.x does not match the target version x.x.x - ``` - Continue with the migration steps below before retrying the upgrade process. - -#### Migrating Resources: -Migration steps can be found in this [istio blog post](https://istio.io/latest/blog/2021/migrate-alpha-policy/ "istio blog post"). - -You can also use these [quick steps](https://github.com/rancher/rancher/issues/34699#issuecomment-921995917 "quick steps") to determine if you need to follow the more extensive migration steps. diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/configs/istio-base.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/configs/istio-base.yaml deleted file mode 100644 index 4f676b778..000000000 --- a/packages/rancher-istio/1.13/rancher-istio/charts/configs/istio-base.yaml +++ /dev/null 
@@ -1,126 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - components: - base: - enabled: {{ .Values.base.enabled }} - cni: - enabled: {{ .Values.cni.enabled }} - k8s: - nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 12 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} -{{- if .Values.tolerations }} -{{- toYaml .Values.tolerations | nindent 12 }} -{{- end }} - egressGateways: - - enabled: {{ .Values.egressGateways.enabled }} - name: istio-egressgateway - k8s: - nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 12 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} -{{- if .Values.tolerations }} -{{- toYaml .Values.tolerations | nindent 12 }} -{{- end }} - ingressGateways: - - enabled: {{ .Values.ingressGateways.enabled }} - name: istio-ingressgateway - k8s: - nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 12 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} -{{- if .Values.tolerations }} -{{- toYaml .Values.tolerations | nindent 12 }} -{{- end }} - service: - ports: - - name: status-port - port: 15021 - targetPort: 15021 - - name: http2 - port: 80 - targetPort: 8080 - nodePort: 31380 - - name: https - port: 443 - targetPort: 8443 - nodePort: 31390 - - name: tcp - port: 31400 - targetPort: 31400 - nodePort: 31400 - - name: tls - port: 15443 - targetPort: 15443 - istiodRemote: - enabled: {{ .Values.istiodRemote.enabled }} - k8s: - nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 12 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . 
| nindent 12 }} -{{- if .Values.tolerations }} -{{- toYaml .Values.tolerations | nindent 12 }} -{{- end }} - pilot: - enabled: {{ .Values.pilot.enabled }} - k8s: - nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 12 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} -{{- if .Values.tolerations }} -{{- toYaml .Values.tolerations | nindent 12 }} -{{- end }} - hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} - profile: default - tag: {{ .Values.tag }} - revision: {{ .Values.revision }} - meshConfig: - defaultConfig: - proxyMetadata: - {{- if .Values.dns.enabled }} - ISTIO_META_DNS_CAPTURE: "true" - {{- end }} - values: - gateways: - istio-egressgateway: - name: istio-egressgateway - type: {{ .Values.egressGateways.type }} - istio-ingressgateway: - name: istio-ingressgateway - type: {{ .Values.ingressGateways.type }} - global: - istioNamespace: {{ template "istio.namespace" . }} - proxy: - image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} - proxy_init: - image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} - {{- if .Values.global.defaultPodDisruptionBudget.enabled }} - defaultPodDisruptionBudget: - enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} - {{- end }} - {{- if .Values.pilot.enabled }} - pilot: - image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} - {{- end }} - telemetry: - enabled: {{ .Values.telemetry.enabled }} - v2: - enabled: {{ .Values.telemetry.v2.enabled }} - {{- if .Values.cni.enabled }} - cni: - image: {{ template "system_default_registry" . 
}}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} - excludeNamespaces: - {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} - logLevel: {{ .Values.cni.logLevel }} - {{- end }} diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/requirements.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/requirements.yaml deleted file mode 100644 index 943a08326..000000000 --- a/packages/rancher-istio/1.13/rancher-istio/charts/requirements.yaml +++ /dev/null @@ -1,7 +0,0 @@ -dependencies: -- condition: kiali.enabled - name: kiali - repository: file://./charts/kiali -- condition: tracing.enabled - name: tracing - repository: file://./charts/tracing diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/samples/overlay-example.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/samples/overlay-example.yaml deleted file mode 100644 index 5cf3cf3b0..000000000 --- a/packages/rancher-istio/1.13/rancher-istio/charts/samples/overlay-example.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - components: - ingressGateways: - - enabled: true - name: ilb-gateway - namespace: user-ingressgateway-ns - k8s: - resources: - requests: - cpu: 200m - service: - ports: - - name: tcp-citadel-grpc-tls - port: 8060 - targetPort: 8060 - - name: tcp-dns - port: 5353 - serviceAnnotations: - cloud.google.com/load-balancer-type: internal - - enabled: true - name: other-gateway - namespace: cattle-istio-system - k8s: - resources: - requests: - cpu: 200m - service: - ports: - - name: tcp-citadel-grpc-tls - port: 8060 - targetPort: 8060 - - name: tcp-dns - port: 5353 - serviceAnnotations: - cloud.google.com/load-balancer-type: internal diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/_helpers.tpl b/packages/rancher-istio/1.13/rancher-istio/charts/templates/_helpers.tpl deleted file mode 100644 index 30b429a80..000000000 
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/_helpers.tpl
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/* Ensure namespace is set the same everywhere */}}
-{{- define "istio.namespace" -}}
- {{- .Release.Namespace | default "istio-system" -}}
-{{- end -}}
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.cattle.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
- value: "linux"
- effect: "NoSchedule"
- operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-kubernetes.io/os: linux
-{{- end -}}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/admin-role.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/admin-role.yaml
deleted file mode 100644
index ad1313c4f..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/admin-role.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- rbac.authorization.k8s.io/aggregate-to-admin: "true"
- name: istio-admin
- namespace: {{ template "istio.namespace" . }}
-rules:
- - apiGroups:
- - config.istio.io
- resources:
- - adapters
- - attributemanifests
- - handlers
- - httpapispecbindings
- - httpapispecs
- - instances
- - quotaspecbindings
- - quotaspecs
- - rules
- - templates
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - networking.istio.io
- resources:
- - destinationrules
- - envoyfilters
- - gateways
- - serviceentries
- - sidecars
- - virtualservices
- - workloadentries
- verbs:
- - '*'
- - apiGroups:
- - security.istio.io
- resources:
- - authorizationpolicies
- - peerauthentications
- - requestauthentications
- verbs:
- - '*'
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/base-config-map.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/base-config-map.yaml
deleted file mode 100644
index 5323917bc..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/base-config-map.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-installer-base
- namespace: {{ template "istio.namespace" . }}
-data:
-{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/clusterrole.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/clusterrole.yaml
deleted file mode 100644
index d8c6b40a4..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/clusterrole.yaml
+++ /dev/null
@@ -1,132 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: istio-installer
-rules:
-# istio groups
-- apiGroups:
- - extensions.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - authentication.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - config.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - install.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - networking.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - rbac.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - security.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - telemetry.istio.io
- resources:
- - '*'
- verbs:
- - '*'
-# k8s groups
-- apiGroups:
- - admissionregistration.k8s.io
- resources:
- - mutatingwebhookconfigurations
- - validatingwebhookconfigurations
- verbs:
- - '*'
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions.apiextensions.k8s.io
- - customresourcedefinitions
- verbs:
- - '*'
-- apiGroups:
- - apps
- - extensions
- resources:
- - daemonsets
- - deployments
- - deployments/finalizers
- - ingresses
- - replicasets
- - statefulsets
- verbs:
- - '*'
-- apiGroups:
- - autoscaling
- resources:
- - horizontalpodautoscalers
- verbs:
- - '*'
-- apiGroups:
- - monitoring.coreos.com
- resources:
- - servicemonitors
- verbs:
- - get
- - create
-- apiGroups:
- - policy
- resources:
- - poddisruptionbudgets
- verbs:
- - '*'
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - clusterrolebindings
- - clusterroles
- - roles
- - rolebindings
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - configmaps
- - endpoints
- - events
- - namespaces
- - pods
- - pods/exec
- - persistentvolumeclaims
- - secrets
- - services
- - serviceaccounts
- verbs:
- - '*'
-- apiGroups:
- - policy
- resourceNames:
- - istio-installer
- resources:
- - podsecuritypolicies
- verbs:
- - use
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/clusterrolebinding.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/clusterrolebinding.yaml
deleted file mode 100644
index 9d74a0434..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-installer
-subjects:
-- kind: ServiceAccount
- name: istio-installer
- namespace: {{ template "istio.namespace" . }}
-roleRef:
- kind: ClusterRole
- name: istio-installer
- apiGroup: rbac.authorization.k8s.io
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/edit-role.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/edit-role.yaml
deleted file mode 100644
index d1059d58d..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/edit-role.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- rbac.authorization.k8s.io/aggregate-to-edit: "true"
- namespace: {{ template "istio.namespace" . }}
- name: istio-edit
-rules:
- - apiGroups:
- - config.istio.io
- resources:
- - adapters
- - attributemanifests
- - handlers
- - httpapispecbindings
- - httpapispecs
- - instances
- - quotaspecbindings
- - quotaspecs
- - rules
- - templates
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - networking.istio.io
- resources:
- - destinationrules
- - envoyfilters
- - gateways
- - serviceentries
- - sidecars
- - virtualservices
- - workloadentries
- verbs:
- - '*'
- - apiGroups:
- - security.istio.io
- resources:
- - authorizationpolicies
- - peerauthentications
- - requestauthentications
- verbs:
- - '*'
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-cni-psp.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-cni-psp.yaml
deleted file mode 100644
index 5b94c8503..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-cni-psp.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: psp-istio-cni
- namespace: {{ template "istio.namespace" . }}
-spec:
- allowPrivilegeEscalation: true
- fsGroup:
- rule: RunAsAny
- hostNetwork: true
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - secret
- - configMap
- - emptyDir
- - hostPath
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: psp-istio-cni
- namespace: {{ template "istio.namespace" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: psp-istio-cni
-subjects:
- - kind: ServiceAccount
- name: istio-cni
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: psp-istio-cni
- namespace: {{ template "istio.namespace" . }}
-rules:
-- apiGroups:
- - policy
- resourceNames:
- - psp-istio-cni
- resources:
- - podsecuritypolicies
- verbs:
- - use
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-install-job.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-install-job.yaml
deleted file mode 100644
index c2e362e68..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-install-job.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istioctl-installer
- namespace: {{ template "istio.namespace" . }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-spec:
- backoffLimit: 1
- template:
- spec:
- {{- if .Values.installer.releaseMirror.enabled }}
- hostAliases:
- - ip: "127.0.0.1"
- hostnames:
- - "github.com"
- {{- end }}
- containers:
- - name: istioctl-installer
- image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
- env:
- - name: RELEASE_NAME
- value: {{ .Release.Name }}
- - name: ISTIO_NAMESPACE
- value: {{ template "istio.namespace" . }}
- - name: FORCE_INSTALL
- value: {{ .Values.forceInstall | default "false" | quote }}
- - name: RELEASE_MIRROR_ENABLED
- value: {{ .Values.installer.releaseMirror.enabled | quote }}
- - name: SECONDS_SLEEP
- value: {{ .Values.installer.debug.secondsSleep | quote}}
- command: ["/bin/sh","-c"]
- args: ["/usr/local/app/scripts/run.sh"]
- volumeMounts:
- - name: config-volume
- mountPath: /app/istio-base.yaml
- subPath: istio-base.yaml
- {{- if .Values.overlayFile }}
- - name: overlay-volume
- mountPath: /app/overlay-config.yaml
- subPath: overlay-config.yaml
- {{- end }}
- volumes:
- - name: config-volume
- configMap:
- name: istio-installer-base
- {{- if .Values.overlayFile }}
- - name: overlay-volume
- configMap:
- name: istio-installer-overlay
- {{- end }}
- serviceAccountName: istio-installer
- nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
- securityContext:
- runAsUser: 499
- runAsGroup: 487
- restartPolicy: Never
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-install-psp.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-install-psp.yaml
deleted file mode 100644
index f0b5ee565..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-install-psp.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: istio-installer
- namespace: {{ template "istio.namespace" . }}
-spec:
- privileged: false
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- rule: 'MustRunAsNonRoot'
- seLinux:
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- - min: 1
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
- volumes:
- - 'configMap'
- - 'secret'
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-psp.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-psp.yaml
deleted file mode 100644
index b3758b74f..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-psp.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: istio-psp
- namespace: {{ template "istio.namespace" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: istio-psp
-subjects:
- - kind: ServiceAccount
- name: istio-egressgateway-service-account
- - kind: ServiceAccount
- name: istio-ingressgateway-service-account
- - kind: ServiceAccount
- name: istio-mixer-service-account
- - kind: ServiceAccount
- name: istio-operator-authproxy
- - kind: ServiceAccount
- name: istiod-service-account
- - kind: ServiceAccount
- name: istio-sidecar-injector-service-account
- - kind: ServiceAccount
- name: istiocoredns-service-account
- - kind: ServiceAccount
- name: default
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: istio-psp
- namespace: {{ template "istio.namespace" . }}
-rules:
-- apiGroups:
- - policy
- resourceNames:
- - istio-psp
- resources:
- - podsecuritypolicies
- verbs:
- - use
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: istio-psp
- namespace: {{ template "istio.namespace" . }}
-spec:
- allowPrivilegeEscalation: false
- forbiddenSysctls:
- - '*'
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: MustRunAsNonRoot
- runAsGroup:
- rule: MustRunAs
- ranges:
- - min: 1
- max: 65535
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- - persistentVolumeClaim
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-uninstall-job.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-uninstall-job.yaml
deleted file mode 100644
index 0091d0c17..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/istio-uninstall-job.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: istioctl-uninstaller
- namespace: {{ template "istio.namespace" . }}
- annotations:
- "helm.sh/hook": pre-delete
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded
-spec:
- template:
- spec:
- containers:
- - name: istioctl-uninstaller
- image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
- env:
- - name: RELEASE_NAME
- value: {{ .Release.Name }}
- - name: ISTIO_NAMESPACE
- value: {{ template "istio.namespace" . }}
- command: ["/bin/sh","-c"]
- args: ["/usr/local/app/scripts/uninstall_istio_system.sh"]
- volumeMounts:
- - name: config-volume
- mountPath: /app/istio-base.yaml
- subPath: istio-base.yaml
- {{- if .Values.overlayFile }}
- - name: overlay-volume
- mountPath: /app/overlay-config.yaml
- subPath: overlay-config.yaml
- {{ end }}
- volumes:
- - name: config-volume
- configMap:
- name: istio-installer-base
- {{- if .Values.overlayFile }}
- - name: overlay-volume
- configMap:
- name: istio-installer-overlay
- {{ end }}
- serviceAccountName: istio-installer
- nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
- securityContext:
- runAsUser: 101
- runAsGroup: 101
- restartPolicy: OnFailure
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/overlay-config-map.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/overlay-config-map.yaml
deleted file mode 100644
index 287d26b2c..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/overlay-config-map.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if .Values.overlayFile }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: istio-installer-overlay
- namespace: {{ template "istio.namespace" . }}
-data:
- overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }}
-{{- end }}
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/service-monitors.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/service-monitors.yaml
deleted file mode 100644
index c3d60c4fc..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/service-monitors.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{- if .Values.kiali.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: envoy-stats-monitor
- namespace: {{ template "istio.namespace" . }}
- labels:
- monitoring: istio-proxies
-spec:
- selector:
- matchExpressions:
- - {key: istio-prometheus-ignore, operator: DoesNotExist}
- namespaceSelector:
- any: true
- jobLabel: envoy-stats
- endpoints:
- - path: /stats/prometheus
- targetPort: 15090
- interval: 15s
- relabelings:
- - sourceLabels: [__meta_kubernetes_pod_container_port_name]
- action: keep
- regex: '.*-envoy-prom'
- - action: labeldrop
- regex: "__meta_kubernetes_pod_label_(.+)"
- - sourceLabels: [__meta_kubernetes_namespace]
- action: replace
- targetLabel: namespace
- - sourceLabels: [__meta_kubernetes_pod_name]
- action: replace
- targetLabel: pod_name
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: istio-component-monitor
- namespace: {{ template "istio.namespace" . }}
- labels:
- monitoring: istio-components
-spec:
- jobLabel: istio
- targetLabels: [app]
- selector:
- matchExpressions:
- - {key: istio, operator: In, values: [pilot]}
- namespaceSelector:
- any: true
- endpoints:
- - port: http-monitoring
- interval: 15s
-{{- end -}}
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/serviceaccount.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/serviceaccount.yaml
deleted file mode 100644
index 82b6cbb7e..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: istio-installer
- namespace: {{ template "istio.namespace" . }}
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/templates/view-role.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/templates/view-role.yaml
deleted file mode 100644
index 5947d3eba..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/templates/view-role.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- rbac.authorization.k8s.io/aggregate-to-view: "true"
- namespace: {{ template "istio.namespace" . }}
- name: istio-view
-rules:
- - apiGroups:
- - config.istio.io
- resources:
- - adapters
- - attributemanifests
- - handlers
- - httpapispecbindings
- - httpapispecs
- - instances
- - quotaspecbindings
- - quotaspecs
- - rules
- - templates
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - networking.istio.io
- resources:
- - destinationrules
- - envoyfilters
- - gateways
- - serviceentries
- - sidecars
- - virtualservices
- - workloadentries
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - security.istio.io
- resources:
- - authorizationpolicies
- - peerauthentications
- - requestauthentications
- verbs: ["get", "watch", "list"]
diff --git a/packages/rancher-istio/1.13/rancher-istio/charts/values.yaml b/packages/rancher-istio/1.13/rancher-istio/charts/values.yaml
deleted file mode 100644
index 394106820..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/charts/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-overlayFile: ""
-tag: 1.13.3
-##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install
-forceInstall: false
-
-installer:
- repository: rancher/istio-installer
- tag: 1.13.3-rancher1
- ##releaseMirror are configurations for istio upgrades.
- ##Setting releaseMirror.enabled: true will cause istio to use bundled in images from rancher/istio-installer to perfom an upgrade - this is ideal
- ##for airgap setups. Setting releaseMirror.enabled to false means istio will call externally to github to fetch the required assets.
- releaseMirror:
- enabled: false
-
- ##Set the secondsSleep to run a sleep command `sleep s` to allow time to exec into istio-installer pod for debugging
- debug:
- secondsSleep: 0
-
-##Native support for dns added in 1.8
-dns:
- enabled: false
-
-base:
- enabled: true
-
-cni:
- enabled: false
- repository: rancher/mirrored-istio-install-cni
- tag: 1.13.3
- logLevel: info
- excludeNamespaces:
- - istio-system
- - kube-system
-
-egressGateways:
- enabled: false
- type: NodePort
-
-ingressGateways:
- enabled: true
- type: NodePort
-
-istiodRemote:
- enabled: false
-
-pilot:
- enabled: true
- repository: rancher/mirrored-istio-pilot
- tag: 1.13.3
-
-telemetry:
- enabled: true
- v2:
- enabled: true
-
-global:
- cattle:
- systemDefaultRegistry: ""
- proxy:
- repository: rancher/mirrored-istio-proxyv2
- tag: 1.13.3
- proxy_init:
- repository: rancher/mirrored-istio-proxyv2
- tag: 1.13.3
- defaultPodDisruptionBudget:
- enabled: true
- rbac:
- pspEnabled: true
-
-# Kiali subchart from rancher-kiali-server
-kiali:
- enabled: true
- auth:
- strategy: anonymous
- deployment:
- ingress_enabled: false
- external_services:
- prometheus:
- custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090"
- url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090"
- tracing:
- in_cluster_url:
"http://tracing.istio-system.svc:16686/jaeger"
- use_grpc: false
- grafana:
- in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80"
- url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80"
-
-tracing:
- enabled: false
- contextPath: "/jaeger"
-
-## Node labels for pod assignment
-## Ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-
-## List of node taints to tolerate (requires Kubernetes >= 1.6)
-tolerations: []
diff --git a/packages/rancher-istio/1.13/rancher-istio/generated-changes/dependencies/kiali/dependency.yaml b/packages/rancher-istio/1.13/rancher-istio/generated-changes/dependencies/kiali/dependency.yaml
deleted file mode 100644
index ebcbdc88b..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/generated-changes/dependencies/kiali/dependency.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-workingDir: ""
-url: packages/rancher-istio/1.13/rancher-kiali-server
diff --git a/packages/rancher-istio/1.13/rancher-istio/generated-changes/dependencies/tracing/dependency.yaml b/packages/rancher-istio/1.13/rancher-istio/generated-changes/dependencies/tracing/dependency.yaml
deleted file mode 100644
index 7648c98a1..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/generated-changes/dependencies/tracing/dependency.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-workingDir: ""
-url: packages/rancher-istio/1.13/rancher-tracing
diff --git a/packages/rancher-istio/1.13/rancher-istio/package.yaml b/packages/rancher-istio/1.13/rancher-istio/package.yaml
deleted file mode 100644
index 904e94a1f..000000000
--- a/packages/rancher-istio/1.13/rancher-istio/package.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-url: local
-version: 100.3.0+up1.13.3
diff --git a/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/overlay/templates/psp.yaml b/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/overlay/templates/psp.yaml
deleted file mode 100644
index f891892cc..000000000
--- a/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/overlay/templates/psp.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "kiali-server.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "kiali-server.fullname" . }}-psp
-subjects:
- - kind: ServiceAccount
- name: kiali
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "kiali-server.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
-rules:
-- apiGroups:
- - policy
- resourceNames:
- - {{ include "kiali-server.fullname" . }}-psp
- resources:
- - podsecuritypolicies
- verbs:
- - use
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ include "kiali-server.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
-spec:
- allowPrivilegeEscalation: false
- forbiddenSysctls:
- - '*'
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: MustRunAsNonRoot
- runAsGroup:
- rule: MustRunAs
- ranges:
- - min: 1
- max: 65535
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- - persistentVolumeClaim
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/overlay/templates/web-root-configmap.yaml b/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/overlay/templates/web-root-configmap.yaml
deleted file mode 100644
index 970d4e4f5..000000000
--- a/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/overlay/templates/web-root-configmap.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.web_root_override }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kiali-console
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kiali-server.labels" . | nindent 4 }}
-data:
- env.js: |
- window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali';
-{{- end }}
diff --git a/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/patch/Chart.yaml.patch b/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/patch/Chart.yaml.patch
deleted file mode 100644
index 1a3101524..000000000
--- a/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/patch/Chart.yaml.patch
+++ /dev/null
@@ -1,31 +0,0 @@
---- charts-original/Chart.yaml
-+++ charts/Chart.yaml
-@@ -1,17 +1,26 @@
-+annotations:
-+ catalog.cattle.io/hidden: "true"
-+ catalog.cattle.io/os: linux
-+ catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1
-+ catalog.rancher.io/namespace: cattle-istio-system
-+ catalog.rancher.io/release-name: rancher-kiali-server
- apiVersion: v2
- appVersion: v1.50.0
- description: Kiali is an open source project for service mesh observability, refer
-- to https://www.kiali.io for details.
-+ to https://www.kiali.io for details. This is installed as sub-chart with customized
-+ values in Rancher's Istio.
- home: https://github.com/kiali/kiali
- icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png
- keywords:
- - istio
- - kiali
-+- networking
-+- infrastructure
- maintainers:
- - email: kiali-users@googlegroups.com
- name: Kiali
- url: https://kiali.io
--name: kiali-server
-+name: rancher-kiali-server
- sources:
- - https://github.com/kiali/kiali
- - https://github.com/kiali/kiali-ui
diff --git a/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/patch/templates/_helpers.tpl.patch b/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/patch/templates/_helpers.tpl.patch
deleted file mode 100644
index 08f76c6e7..000000000
--- a/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/patch/templates/_helpers.tpl.patch
+++ /dev/null
@@ -1,49 +0,0 @@
---- charts-original/templates/_helpers.tpl
-+++ charts/templates/_helpers.tpl
-@@ -50,8 +50,15 @@
- Selector labels
- */}}
- {{- define "kiali-server.selectorLabels" -}}
-+{{- $releaseName := .Release.Name -}}
-+{{- $fullName := include "kiali-server.fullname" . -}}
-+{{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace $fullName) -}}
- app.kubernetes.io/name: kiali
--app.kubernetes.io/instance: {{ include "kiali-server.fullname" . }}
-+{{- if (and .Release.IsUpgrade $deployment)}}
-+app.kubernetes.io/instance: {{ (get (($deployment).metadata.labels) "app.kubernetes.io/instance") | default $fullName }}
-+{{- else }}
-+app.kubernetes.io/instance: {{ $fullName }}
-+{{- end }}
- {{- end }}
-
- {{/*
-@@ -170,4 +177,27 @@
- {{- else }}
- {{- .Release.Namespace }}
- {{- end }}
--{{- end }}
-\ No newline at end of file
-+{{- end }}
-+
-+{{- define "system_default_registry" -}}
-+{{- if .Values.global.cattle.systemDefaultRegistry -}}
-+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
-+{{- else -}}
-+{{- "" -}}
-+{{- end -}}
-+{{- end -}}
-+
-+{{/*
-+Windows cluster will add default taint for linux nodes,
-+add below linux tolerations to workloads could be scheduled to those linux nodes
-+*/}}
-+{{- define "linux-node-tolerations" -}}
-+- key: "cattle.io/os"
-+ value: "linux"
-+ effect: "NoSchedule"
-+ operator: "Equal"
-+{{- end -}}
-+
-+{{- define "linux-node-selector" -}}
-+kubernetes.io/os: linux
-+{{- end -}}
diff --git a/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/patch/templates/deployment.yaml.patch b/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/patch/templates/deployment.yaml.patch
deleted file mode 100644
index d1ed69f21..000000000
--- a/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/patch/templates/deployment.yaml.patch
+++ /dev/null
@@ -1,59 +0,0 @@
---- charts-original/templates/deployment.yaml
-+++ charts/templates/deployment.yaml
-@@ -53,7 +53,7 @@
- {{- toYaml .Values.deployment.host_aliases | nindent 6 }}
- {{- end }}
- containers:
-- - image: "{{ .Values.deployment.image_name }}{{ if .Values.deployment.image_digest }}@{{ .Values.deployment.image_digest }}{{ end }}:{{ .Values.deployment.image_version }}"
-+ - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}{{ if .Values.deployment.image_digest }}@{{ .Values.deployment.image_digest }}{{ end }}:{{ .Values.deployment.tag }}"
- imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }}
- name: {{ include "kiali-server.fullname" . }}
- command:
-@@ -108,6 +108,11 @@
- - name: LOG_SAMPLER_RATE
- value: "{{ .Values.deployment.logger.sampler_rate }}"
- volumeMounts:
-+ {{- if .Values.web_root_override }}
-+ - name: kiali-console
-+ subPath: env.js
-+ mountPath: /opt/kiali/console/env.js
-+ {{- end }}
- - name: {{ include "kiali-server.fullname" . }}-configuration
- mountPath: "/kiali-configuration"
- - name: {{ include "kiali-server.fullname" . }}-cert
-@@ -125,6 +130,14 @@
- {{- toYaml .Values.deployment.resources | nindent 10 }}
- {{- end }}
- volumes:
-+ {{- if .Values.web_root_override }}
-+ - name: kiali-console
-+ configMap:
-+ name: kiali-console
-+ items:
-+ - key: env.js
-+ path: env.js
-+ {{- end }}
- - name: {{ include "kiali-server.fullname" . }}-configuration
- configMap:
- name: {{ include "kiali-server.fullname" . }}
-@@ -169,12 +182,12 @@
- {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }}
- {{- end }}
- {{- end }}
-- {{- if .Values.deployment.tolerations }}
-- tolerations:
-- {{- toYaml .Values.deployment.tolerations | nindent 8 }}
-- {{- end }}
-- {{- if .Values.deployment.node_selector }}
-- nodeSelector:
-- {{- toYaml .Values.deployment.node_selector | nindent 8 }}
-- {{- end }}
-+ tolerations: {{ include "linux-node-tolerations" .
| nindent 8 }}
-+{{- if .Values.deployment.tolerations }}
-+{{ toYaml .Values.deployment.tolerations | indent 8 }}
-+{{- end }}
-+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-+{{- if .Values.deployment.node_selector }}
-+{{ toYaml .Values.deployment.node_selector | indent 8 }}
-+{{- end }}
- ...
diff --git a/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/patch/values.yaml.patch b/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/patch/values.yaml.patch
deleted file mode 100644
index 8a24f361c..000000000
--- a/packages/rancher-istio/1.13/rancher-kiali-server/generated-changes/patch/values.yaml.patch
+++ /dev/null
@@ -1,39 +0,0 @@
---- charts-original/values.yaml
-+++ charts/values.yaml
-@@ -13,6 +13,9 @@
- # do this, a PR would be welcome.
- kiali_route_url: ""
-
-+# rancher specific override that allows proxy access to kiali url
-+web_root_override: true
-+
- #
- # Settings that mimic the Kiali CR which are placed in the ConfigMap.
- # Note that only those values used by the Helm Chart will be here.
-@@ -42,10 +45,10 @@
- api_version: "autoscaling/v2beta2"
- spec: {}
- image_digest: "" # use "sha256" if image_version is a sha256 hash (do NOT prefix this value with a "@")
-- image_name: quay.io/kiali/kiali
-+ repository: rancher/mirrored-kiali-kiali
- image_pull_policy: "Always"
- image_pull_secrets: []
-- image_version: v1.50.0 # version like "v1.39" (see: https://quay.io/repository/kiali/kiali?tab=tags) or a digest hash
-+ tag: v1.50.0 # version like "v1.39" (see: https://quay.io/repository/kiali/kiali?tab=tags) or a digest hash
- ingress:
- additional_labels: {}
- class_name: "nginx"
-@@ -106,3 +109,13 @@
- metrics_enabled: true
- metrics_port: 9090
- web_root: ""
-+
-+# Common settings used among istio subcharts.
-+global:
-+ # Specify rancher clusterId of external tracing config
-+ # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032
-+ cattle:
-+ systemDefaultRegistry: ""
-+ clusterId:
-+ rbac:
-+ pspEnabled: false
diff --git a/packages/rancher-istio/1.13/rancher-kiali-server/package.yaml b/packages/rancher-istio/1.13/rancher-kiali-server/package.yaml
deleted file mode 100644
index f6832be7f..000000000
--- a/packages/rancher-istio/1.13/rancher-kiali-server/package.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-url: https://kiali.org/helm-charts/kiali-server-1.50.0.tgz
-version: 100.0.0
-doNotRelease: true
\ No newline at end of file
diff --git a/packages/rancher-istio/1.13/rancher-tracing/charts/.helmignore b/packages/rancher-istio/1.13/rancher-tracing/charts/.helmignore
deleted file mode 100644
index 0e8a0eb36..000000000
--- a/packages/rancher-istio/1.13/rancher-tracing/charts/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/packages/rancher-istio/1.13/rancher-tracing/charts/Chart.yaml b/packages/rancher-istio/1.13/rancher-tracing/charts/Chart.yaml
deleted file mode 100644
index fcf231f9f..000000000
--- a/packages/rancher-istio/1.13/rancher-tracing/charts/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-annotations:
- catalog.cattle.io/hidden: "true"
- catalog.cattle.io/os: linux
- catalog.rancher.io/certified: rancher
- catalog.rancher.io/namespace: istio-system
- catalog.rancher.io/release-name: rancher-tracing
-apiVersion: v1
-appVersion: 1.33.0
-description: A quick start Jaeger Tracing installation using the all-in-one demo.
- This is not production qualified. Refer to https://www.jaegertracing.io/ for details.
-name: rancher-tracing
-version: 1.33.0
diff --git a/packages/rancher-istio/1.13/rancher-tracing/charts/README.md b/packages/rancher-istio/1.13/rancher-tracing/charts/README.md
deleted file mode 100644
index 25534c628..000000000
--- a/packages/rancher-istio/1.13/rancher-tracing/charts/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# Jaeger
-
-A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices.
-
-> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs.
diff --git a/packages/rancher-istio/1.13/rancher-tracing/charts/templates/_affinity.tpl b/packages/rancher-istio/1.13/rancher-tracing/charts/templates/_affinity.tpl
deleted file mode 100644
index bf6a9aee5..000000000
--- a/packages/rancher-istio/1.13/rancher-tracing/charts/templates/_affinity.tpl
+++ /dev/null
@@ -1,92 +0,0 @@
-{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}}
-{{- define "nodeAffinity" }}
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- {{- include "nodeAffinityRequiredDuringScheduling" . }}
- preferredDuringSchedulingIgnoredDuringExecution:
- {{- include "nodeAffinityPreferredDuringScheduling" . }}
-{{- end }}
-
-{{- define "nodeAffinityRequiredDuringScheduling" }}
- nodeSelectorTerms:
- - matchExpressions:
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- {{- range $key, $val := .Values.global.arch }}
- {{- if gt ($val | int) 0 }}
- - {{ $key | quote }}
- {{- end }}
- {{- end }}
- {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}}
- {{- range $key, $val := $nodeSelector }}
- - key: {{ $key }}
- operator: In
- values:
- - {{ $val | quote }}
- {{- end }}
-{{- end }}
-
-{{- define "nodeAffinityPreferredDuringScheduling" }}
- {{- range $key, $val := .Values.global.arch }}
- {{- if gt ($val | int) 0 }}
- - weight: {{ $val | int }}
- preference:
- matchExpressions:
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- - {{ $key | quote }}
- {{- end }}
- {{- end }}
-{{- end }}
-
-{{- define "podAntiAffinity" }}
-{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}}
- podAntiAffinity:
- {{- if .Values.podAntiAffinityLabelSelector }}
- requiredDuringSchedulingIgnoredDuringExecution:
- {{- include "podAntiAffinityRequiredDuringScheduling" . }}
- {{- end }}
- {{- if or .Values.podAntiAffinityTermLabelSelector}}
- preferredDuringSchedulingIgnoredDuringExecution:
- {{- include "podAntiAffinityPreferredDuringScheduling" .
}}
- {{- end }}
-{{- end }}
-{{- end }}
-
-{{- define "podAntiAffinityRequiredDuringScheduling" }}
- {{- range $index, $item := .Values.podAntiAffinityLabelSelector }}
- - labelSelector:
- matchExpressions:
- - key: {{ $item.key }}
- operator: {{ $item.operator }}
- {{- if $item.values }}
- values:
- {{- $vals := split "," $item.values }}
- {{- range $i, $v := $vals }}
- - {{ $v | quote }}
- {{- end }}
- {{- end }}
- topologyKey: {{ $item.topologyKey }}
- {{- end }}
-{{- end }}
-
-{{- define "podAntiAffinityPreferredDuringScheduling" }}
- {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }}
- - podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: {{ $item.key }}
- operator: {{ $item.operator }}
- {{- if $item.values }}
- values:
- {{- $vals := split "," $item.values }}
- {{- range $i, $v := $vals }}
- - {{ $v | quote }}
- {{- end }}
- {{- end }}
- topologyKey: {{ $item.topologyKey }}
- weight: 100
- {{- end }}
-{{- end }}
diff --git a/packages/rancher-istio/1.13/rancher-tracing/charts/templates/_helpers.tpl b/packages/rancher-istio/1.13/rancher-tracing/charts/templates/_helpers.tpl
deleted file mode 100644
index 09c6b0546..000000000
--- a/packages/rancher-istio/1.13/rancher-tracing/charts/templates/_helpers.tpl
+++ /dev/null
@@ -1,47 +0,0 @@
-{{- define "system_default_registry" -}}
-{{- if .Values.global.cattle.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "tracing.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "tracing.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
- value: "linux"
- effect: "NoSchedule"
- operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-kubernetes.io/os: linux
-{{- end -}}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.13/rancher-tracing/charts/templates/deployment.yaml b/packages/rancher-istio/1.13/rancher-tracing/charts/templates/deployment.yaml
deleted file mode 100644
index 59928735f..000000000
--- a/packages/rancher-istio/1.13/rancher-tracing/charts/templates/deployment.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app: {{ .Values.provider }}
- template:
- metadata:
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- sidecar.istio.io/inject: "false"
- prometheus.io/scrape: "true"
- prometheus.io/port: "14269"
-{{- if .Values.jaeger.podAnnotations }}
-{{ toYaml .Values.jaeger.podAnnotations | indent 8 }}
-{{- end }}
- spec:
- containers:
- - name: jaeger
- image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}"
- imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- env:
- {{- if eq .Values.jaeger.spanStorageType "badger" }}
- - name: BADGER_EPHEMERAL
- value: "false"
- - name: SPAN_STORAGE_TYPE
- value: "badger"
- - name: BADGER_DIRECTORY_VALUE
- value: "/badger/data"
- - name: BADGER_DIRECTORY_KEY
- value: "/badger/key"
- {{- end }}
- - name: COLLECTOR_ZIPKIN_HOST_PORT
- value: "9411"
- - name: MEMORY_MAX_TRACES
- value: "{{ .Values.jaeger.memory.max_traces }}"
- - name: QUERY_BASE_PATH
- value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }}
- livenessProbe:
- httpGet:
- path: /
- port: 14269
- readinessProbe:
- httpGet:
- path: /
- port: 14269
-{{- if eq .Values.jaeger.spanStorageType "badger" }}
- volumeMounts:
- - name: data
- mountPath: /badger
-{{- end }}
- resources:
-{{- if .Values.jaeger.resources }}
-{{ toYaml .Values.jaeger.resources | indent 12 }}
-{{- else }}
-{{ toYaml .Values.global.defaultResources | indent 12 }}
-{{- end }}
- affinity:
- {{- include "nodeAffinity" . | indent 6 }}
- {{- include "podAntiAffinity" .
| indent 6 }}
- {{- if .Values.global.rbac.pspEnabled }}
- securityContext:
- runAsNonRoot: true
- runAsUser: 1000
- serviceAccountName: {{ include "tracing.fullname" . }}
- {{- end }}
- nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
-{{- if eq .Values.jaeger.spanStorageType "badger" }}
- volumes:
- - name: data
-{{- if .Values.jaeger.persistentVolumeClaim.enabled }}
- persistentVolumeClaim:
- claimName: istio-jaeger-pvc
-{{- else }}
- emptyDir: {}
-{{- end }}
-{{- end }}
diff --git a/packages/rancher-istio/1.13/rancher-tracing/charts/templates/psp.yaml b/packages/rancher-istio/1.13/rancher-tracing/charts/templates/psp.yaml
deleted file mode 100644
index 44b230492..000000000
--- a/packages/rancher-istio/1.13/rancher-tracing/charts/templates/psp.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "tracing.fullname" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ include "tracing.fullname" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-rules:
-- apiGroups:
- - policy
- resourceNames:
- - {{ include "tracing.fullname" . }}
- resources:
- - podsecuritypolicies
- verbs:
- - use
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ include "tracing.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- allowPrivilegeEscalation: false
- forbiddenSysctls:
- - '*'
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: MustRunAsNonRoot
- runAsGroup:
- rule: MustRunAs
- ranges:
- - min: 1
- max: 65535
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - emptyDir
- - secret
- - persistentVolumeClaim
-{{- end }}
\ No newline at end of file
diff --git a/packages/rancher-istio/1.13/rancher-tracing/charts/templates/pvc.yaml b/packages/rancher-istio/1.13/rancher-tracing/charts/templates/pvc.yaml
deleted file mode 100644
index 9b4c55e4f..000000000
--- a/packages/rancher-istio/1.13/rancher-tracing/charts/templates/pvc.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.jaeger.persistentVolumeClaim.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: istio-jaeger-pvc
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
-spec:
- storageClassName: {{ .Values.jaeger.storageClassName }}
- accessModes:
- - {{ .Values.jaeger.accessMode }}
- resources:
- requests:
- storage: {{.Values.jaeger.persistentVolumeClaim.storage }}
-{{- end }}
diff --git a/packages/rancher-istio/1.13/rancher-tracing/charts/templates/service.yaml b/packages/rancher-istio/1.13/rancher-tracing/charts/templates/service.yaml
deleted file mode 100644
index 4210a9b5f..000000000
--- a/packages/rancher-istio/1.13/rancher-tracing/charts/templates/service.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: tracing
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: {{ .Values.service.name }}
- port: {{ .Values.service.externalPort }}
- protocol: TCP
- targetPort: 16686
- selector:
- app: {{ .Values.provider }}
----
-# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin.
-apiVersion: v1
-kind: Service
-metadata:
- name: zipkin
- namespace: {{ .Release.Namespace }}
- labels:
- name: zipkin
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- ports:
- - name: {{ .Values.service.name }}
- port: {{ .Values.zipkin.queryPort }}
- targetPort: {{ .Values.zipkin.queryPort }}
- selector:
- app: {{ .Values.provider }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: jaeger-collector
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.provider }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-spec:
- type: ClusterIP
- ports:
- - name: jaeger-collector-http
- port: 14268
- targetPort: 14268
- protocol: TCP
- - name: jaeger-collector-grpc
- port: 14250
- targetPort: 14250
- protocol: TCP
- selector:
- app: {{ .Values.provider }}
diff --git a/packages/rancher-istio/1.13/rancher-tracing/charts/values.yaml b/packages/rancher-istio/1.13/rancher-tracing/charts/values.yaml
deleted file mode 100644
index 9ffe8785a..000000000
--- a/packages/rancher-istio/1.13/rancher-tracing/charts/values.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-provider: jaeger
-contextPath: ""
-## Node labels for pod assignment
-## Ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-## List of node taints to tolerate (requires Kubernetes >= 1.6)
-tolerations: []
-podAntiAffinityLabelSelector: []
-podAntiAffinityTermLabelSelector: []
-nameOverride: ""
-fullnameOverride: ""
-
-global:
- cattle:
- systemDefaultRegistry: ""
- defaultResources: {}
- imagePullPolicy: IfNotPresent
- imagePullSecrets: []
- arch:
- amd64: 2
- s390x: 2
- ppc64le: 2
- defaultNodeSelector:
- kubernetes.io/os: linux
- rbac:
- pspEnabled: false
-
-jaeger:
- repository: rancher/mirrored-jaegertracing-all-in-one
- tag: 1.33.0
- # spanStorageType value can be "memory" and "badger" for all-in-one image
- spanStorageType: badger
- resources:
- requests:
- cpu: 10m
- persistentVolumeClaim:
- enabled: false
- storage: 5Gi
- storageClassName: ""
- accessMode: ReadWriteMany
- memory:
- max_traces: 50000
-zipkin:
- queryPort: 9411
-service:
- annotations: {}
- name: http-query
- type: ClusterIP
- externalPort: 16686
diff --git a/packages/rancher-istio/1.13/rancher-tracing/package.yaml b/packages/rancher-istio/1.13/rancher-tracing/package.yaml
deleted file mode 100644
index 2ba0a939c..000000000
--- a/packages/rancher-istio/1.13/rancher-tracing/package.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-url: local
-version: 100.0.0
-doNotRelease: true
\ No newline at end of file