From dff76e3f4f3f424bcd1e919339a849310e8c6e00 Mon Sep 17 00:00:00 2001 From: Vaishnav Gaikwad Date: Thu, 14 Apr 2022 17:33:27 +0530 Subject: [PATCH 1/3] fixes rancher/rancher#37218 --- .../rancher-istio/charts/templates/clusterrole.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/packages/rancher-istio/rancher-istio/charts/templates/clusterrole.yaml b/packages/rancher-istio/rancher-istio/charts/templates/clusterrole.yaml index 8eeb78758..d8c6b40a4 100644 --- a/packages/rancher-istio/rancher-istio/charts/templates/clusterrole.yaml +++ b/packages/rancher-istio/rancher-istio/charts/templates/clusterrole.yaml @@ -4,6 +4,12 @@ metadata: name: istio-installer rules: # istio groups +- apiGroups: + - extensions.istio.io + resources: + - '*' + verbs: + - '*' - apiGroups: - authentication.istio.io resources: From 9b95b78e9d410abca0340631cde5042ac1ad31c8 Mon Sep 17 00:00:00 2001 From: Vaishnav Gaikwad Date: Thu, 14 Apr 2022 17:42:03 +0530 Subject: [PATCH 2/3] remove existing istio chart --- .../rancher-istio-100.2.0+up1.12.6.tgz | Bin 18491 -> 0 bytes .../rancher-istio/100.2.0+up1.12.6/Chart.yaml | 24 --- .../rancher-istio/100.2.0+up1.12.6/README.md | 79 ------- .../100.2.0+up1.12.6/app-readme.md | 43 ---- .../100.2.0+up1.12.6/charts/kiali/Chart.yaml | 29 --- .../charts/kiali/templates/NOTES.txt | 5 - .../charts/kiali/templates/_helpers.tpl | 203 ------------------ .../charts/kiali/templates/cabundle.yaml | 13 -- .../charts/kiali/templates/configmap.yaml | 26 --- .../charts/kiali/templates/deployment.yaml | 193 ----------------- .../charts/kiali/templates/hpa.yaml | 17 -- .../charts/kiali/templates/ingress.yaml | 62 ------ .../charts/kiali/templates/oauth.yaml | 17 -- .../charts/kiali/templates/psp.yaml | 67 ------ .../kiali/templates/role-controlplane.yaml | 30 --- .../charts/kiali/templates/role-viewer.yaml | 89 -------- .../charts/kiali/templates/role.yaml | 99 --------- .../templates/rolebinding-controlplane.yaml | 17 -- .../charts/kiali/templates/rolebinding.yaml | 20 -- .../charts/kiali/templates/route.yaml | 34 --- .../charts/kiali/templates/service.yaml | 45 ---- .../kiali/templates/serviceaccount.yaml | 9 - .../kiali/templates/web-root-configmap.yaml | 12 -- .../100.2.0+up1.12.6/charts/kiali/values.yaml | 116 ---------- .../charts/tracing/.helmignore | 23 -- .../charts/tracing/Chart.yaml | 12 -- .../100.2.0+up1.12.6/charts/tracing/README.md | 5 - .../charts/tracing/templates/_affinity.tpl | 92 -------- .../charts/tracing/templates/_helpers.tpl | 47 ---- .../charts/tracing/templates/deployment.yaml | 94 -------- .../charts/tracing/templates/psp.yaml | 86 -------- .../charts/tracing/templates/pvc.yaml | 16 -- .../charts/tracing/templates/service.yaml | 63 ------ .../charts/tracing/values.yaml | 50 ----- .../100.2.0+up1.12.6/configs/istio-base.yaml | 126 ----------- .../100.2.0+up1.12.6/requirements.yaml | 7 - .../samples/overlay-example.yaml | 37 ---- .../100.2.0+up1.12.6/templates/_helpers.tpl | 27 --- .../templates/admin-role.yaml | 43 ---- .../templates/base-config-map.yaml | 7 - .../templates/clusterrole.yaml | 126 ----------- .../templates/clusterrolebinding.yaml | 12 -- .../100.2.0+up1.12.6/templates/edit-role.yaml | 43 ---- .../templates/istio-cni-psp.yaml | 51 ----- .../templates/istio-install-job.yaml | 66 ------ .../templates/istio-install-psp.yaml | 30 --- .../100.2.0+up1.12.6/templates/istio-psp.yaml | 81 ------- .../templates/istio-uninstall-job.yaml | 53 ----- .../templates/overlay-config-map.yaml | 9 - .../templates/service-monitors.yaml | 51 ----- .../templates/serviceaccount.yaml | 5 - .../100.2.0+up1.12.6/templates/view-role.yaml | 41 ---- .../100.2.0+up1.12.6/values.yaml | 98 --------- index.yaml | 35 --- 54 files changed, 2685 deletions(-) delete mode 100644 assets/rancher-istio/rancher-istio-100.2.0+up1.12.6.tgz delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/Chart.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/README.md delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/app-readme.md delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/Chart.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/NOTES.txt delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/_helpers.tpl delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/cabundle.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/configmap.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/deployment.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/hpa.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/ingress.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/oauth.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/psp.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-controlplane.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-viewer.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding-controlplane.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/route.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/service.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/serviceaccount.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/web-root-configmap.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/values.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/.helmignore delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/Chart.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/README.md delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_affinity.tpl delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_helpers.tpl delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/deployment.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/psp.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/pvc.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/service.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/values.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/configs/istio-base.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/requirements.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/samples/overlay-example.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/_helpers.tpl delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/admin-role.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/base-config-map.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrole.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrolebinding.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/edit-role.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/istio-cni-psp.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-job.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-psp.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/istio-psp.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/istio-uninstall-job.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/overlay-config-map.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/service-monitors.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/serviceaccount.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/view-role.yaml delete mode 100644 charts/rancher-istio/100.2.0+up1.12.6/values.yaml diff --git a/assets/rancher-istio/rancher-istio-100.2.0+up1.12.6.tgz b/assets/rancher-istio/rancher-istio-100.2.0+up1.12.6.tgz deleted file mode 100644 index f394f72b3fe6e9a7952b6e25bb11cabef3058db3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 18491 zcmV)_K!3jDc zVQyr3R8em|NM&qo0PMYMcjGp)C_10{D{$!9r`z5p_3*1(XEJwtx;=?^`r&Ik$(@~* zrG`jILQD}10oqnNeSiB|C;%k*l4Qy4PBP+}Nn0cyg+ifFDAXgxaWEyRN4cP^^J z7dZV(cjLaQgZqO#IF6aXg0h$o9E1WaaKt8lfQ5*NPgy4*si0#@!U58>(pW5{Jc;n! zi}8#M(7B|h#&S2=h&Gf&B%{iUdPbAre05bl{T&E5d?s(QyzOvlN9yU>b4X zp@Hnnlnx|MV0WXlF+=?6)*cS&DEV1^2aEP!-#~4#)!`Fgm5%Y*{ltISt}vwn9UH5 z4H(EnVoEuZ{|gC@04516rs)JHioa%Z9`36bKgKFo;Klbj-ia;&HsMDQ3aLOYxUEDrfqL`WigNV6DW#NlVa zW;01cAJosk*=7IEKgi-Zir5_zbVlSaa!&$8V@XF9OeQSU8^$P`OeBv->Td<7-SPl+ z9cO3f9TxPKAf6=&ONFW&bA-cC&0o)d;e<+ps*KVZVNOc#B~3U^5YvXz&6GR?B$Ci8 z4a5s#S|(}-p@>c1kXsTBs?wB)KrYk29WqG?=U-z%?(n>6 zR0t^n;~fjh1xtloj_q||#0^y>4B;i2F+rLzm(YlbriNC)5!9_<#}OnVGa}M?Q=_;2 z3YDsPnnY}bBP|+>h-eZ4M7<_soJHc2OemMFO8$vZlCt}`Dz*xsvh-~qikGJnz6@zh z#UnHpDo`(2_?q%G199vhSvVo0Y19a%BOItN2~W<-DA_^ZQXEmlvk}NvCAQ_=$ZsAe z=`Bee_|b%IoQbJMrAVlZ*Q^7E1)vc;XceXffFSsHWfNx540L_hr}B zT|9o9BEKz}yIPUz6$%Ldil$;DFX%g6cc#`5Vj`6a7 z8pfn+E*{W}l~J^EbB=|Y8c_r+7UW)BU@;vaHy^*Vvjgl0MR-IawX4g$0CP?!u_QKG z;*yMu!-HgtX-ov+aL8o=?_`{$-XxBKA~9w!kAx&IzS&kL8osh z7l@6K{D=gmvEXut5-cK;_|bE{fpYY1-XHq=S5k7?b#y5>p`#yvdgKE|S^gJfmcXH^ zGn|qrAu0Dovhh)1nf~XXcU+PGj}Hz`w(|c|JRd)H_Rv|(vy`A*+al#jZe%h%BZ%CR zbbdD_DM5RkPoJERA3eFH(3l`s9ia2NF7iHoauAY5{7WST`nmXleluH`GSncBoG7SzGGLq zfBBjvvOUQX-LqdZ9J%dtZGpixBULbzd2ylcvs(JntLcyTwDEr&&S>nVEFzn0gO>6C z<2wI8IXKwz|EG97&nqc$rQq*N>71qXSKt8t%?ns?w>{^E#^C_HQk?6OMZ}pAfkP}n za#T{4KCHAhgC~=eOt6ql#sexFAXlCWB%4sGRkbm|H~miE0et+3423rAJ3jjK$w{-w zoN;kNzfM_}Vf=)KDCipq|~a+X-EQW zRlKFC$fR_y4te=|v+daps6ppNp6xwr8z(10mQpcaP7pRFCoH0Y4Q)b5Doc=9&_L~) z#q6j{o2JhVa6bL|Z{zcFz;`1 zQsVD6bIz5io+Ok9b7|G2ESN;-x&KcZ5$=B-u@Q0=&GF8jyX&8F1qt%eZ-~Znm7~6_ z|E00^=Xu)JzdoKkiU7D|{U012o>bR=|7a`!J<0P(vR@-_Fv8f5zEYaN_Ulx(Vzs*# zo1?uMm$qWFmFN4WdQoexF66D%j2_0u?KBHhYc&NEv}q$vLeE+a<<}_>ZD|MHyx{HB z5Y8x<1gW(=HX+tKm}LSB8c*)XXv)}4`Q8>v+~SCa3(G7UC{8H37bKQI@m5IG1%r7B z+6)Rk_$~DpR9OkAM2)X#x(-u_$&AIE2vxMWRjK{%jA@J``m2)GJ#*ng)UT8z5e;zO z5EodGaTe(pOJU6f;{lG;Rci%C;5IB4I7(P(N-8jxwOd>d_yJ1^<9@(q^&a%8L6@#H zJRw5OMM|(B^*%t_pVu2rSQzG4X(PBwTLt7+9@{`r#TIOx155Aq?3Dhp$}R&2?klUk z!s?h|LtSy0Flq>f+~%~Ci*($eqxhpk?n$72$-RXO5{p|FWit{)n9jK2LupP=#kns3 zfrEf$@k&Uo%@OFE?VE1f45U7hh9z1jJFCl#lRvM(xq|$s32J>YaM}6q@Tgms|N7md zlcTNt_Y_Y}tow(W?bVfn%f&#RjeaJ90K-bv-<4Y8r)r6}R(!DXk45B?j3p#>akae@ z!%Y?p^iRtG+SWe_sdyyy{|fs5!>a!O==gZM{-5Icvig5XWfk@R>Z`rHpk-5A?f+K$ zzt#Rf=xO8sYEcC-^%B0B_J2A5Kj~Nb|H)yuzvcf=@iZIH0Q)X1KP9)dHwks#>fH85 zL}0TmT(Iy;uc!-k9;-`+2~WJ7vL4LvCFhfEft~k7N^faICgh9XNK!fG)H6l%K}(m^fuzyi;7Ruy~c9zvCort;NY38fW+I-?Jo%$c)4SM`d19E2<8| zg+eYhN{Ia81(@h85%bqH)oKzB293@dJGL#?KlY?pGWRNSw2{n9B6%5t;iNIF_5XdE z$6hfbDIXTAZ9)5`hP_4#{f33Q_N!;z#Z zxe=Di@@%9^wil}K2FvTV8P~eNDv+6?TD#E>-Qt2ZhGEI5t065HUI(TA7n%({1UpM{ z^B@3pD^Bb9c}e7a*P=Uy4$3}19}$hg>9WO^-ABKnSX(o_Ky?QOyE*k43HC2Mi<(R1 zmQi_IrD2rZhgx7OnfosT&vra$gw8Io1UMtrzETcb#k>`#F?9IyW%;!}V;sIXF~=(+ zWjLWuodfia+>-Q9tFV9MXEphMGab+}{ZFq~yZ`GSZ{`0dd7f7Pv*`t&5w{bg{IQ%q zOG+L4<@v>{@{5b}*OtS5S?{A%HP7B=T!6mj9g8m+6VIypA6?Gqbe=8H|5TfNrrzRs zVhjA>2+_+q-3;Fk(DBjH!BJJ8wRv+X!QuNjn#+NK=`Bd}1xiXgzlWaX`|30EMyafx zt*LX^KEI!5G5_CO_y3m_?0@@5)%ZWh#|PW^KTqkF;D>rUuM(;_wes$xQ>q+cE_>h(BhU@pLFL*r~{|slCwOa~UO2U}0 zQ(r4v9`V{>1EOBz%E0bzo$G??xHpvP)*1Hl`#d9&j9EIOVMyYuIS)isGA^%P_LT%7 z5QS{nCl`op`ACUWxkLpRRS~UTr!0Ae6Fj0371SVDY4%!f46CA}Q#!V`_V`dCZiCy% zN5N3(3Uk4|Ws)+v$Vphe>kQdle23HU^y0i?D*Qb({VKwAwv{kH^Rrm~%i_nl0bC~k z9UPog&;Q50?fL&np7rnla@zPzH-IV8H+PS4<=1k%*M66`(rsB81LoP@m#uVP_6Qd~ zIsS*x+0cXt+ui}KeFyY!eg(9>0s1}O0QI`P#v7pGedPw|ef&>Mqb&Us`)xhe({Tq#%ahl%b8eqx#?;mz+=f8e$8~@`;p33@%fX%jvqRjys-R+C>qE@xORizr3 z12_eFTwuWsU9E9)wB5`Kh;lt-%I+!Q`4P_uUAnwH;hx|4<*Uo*nrF>!WJx%gxQe^u%S$Mf8=;Ab{^BS9{WAEFj(&w8!2Rnk0s?G!LT za{{LmA}&}e2B>$`ec6S#G!`Vi#gTlc%B2L5L*q$4GNl-Pqi}|P91i8Q42w{j!-R#y z{IokvSSp5cQ04@M1Eq<*AtcF#tqHjwplAM`r$!{9HCMx?JOC1=tWwEs1^`MApZov0 z>#hoSj`=F2DM=z6m_va=ot}Wa&O?yXgpCD#m?|{|`=+Z$`v;hGJ)dm_0!_mv_+HVEJpT8_v|F@LfJz4yR z!&?03$fmaOAGYxy)*STjAs9qE(4TMpm-+wY+3D-IXZ|dF z)IJvT|6cdF7XS6&pu3g-p5)miHM9WK-C zCysMPRO(5bBwk8zI3tiY!reCIy*Z% zI|>WvHAzSuk{DLFhwAC7)KCyh5ff9AqKjN@V=x3g=tgy?&UK#IQYBBcSDc4Jh$-om*E;m{cjPG_XqBy4<>>L^ za(+PBj~c>v=EhwPf~c%PrXd>_qOhGrQT#pg=3Jm+U#pg?bEO#^z) z32Az-^5v*BTlR-tA6@GVnIoc-aLV4TSgR-|Dn-tSAbg8yghvsPM9b1pr`=3hLeglC zMj4I5hDl?}iWq=^l&CoJ9cORvd<-MkSyByH0=>F?t;WEMfkPq4(P=lWQHSS<#Bdms z5S6HbK!VM^J?Fz2{8eC3QMXz=f`p2wdaA;6zAH<@Q035JV1?qVG$Lh8V;4_Jz$P*M zl_1w0pqMFDkDdi7BqD^|xA`)8jrnxMa2mQ2ttK(7YbnH(+8KmQ93@lSbAjT}X&A~a z@>(u(_)}$z#wjtk*m_vy`M@a|IF6_C6gnRIZ%6>=IA=JRs)o=ML;6l20UVWCi(wiC zb>#_8EpT@i-v zIO+%RK@PMa7?Pqcz&OJ(o|r7Ux!p-<S2;wspTH zrnduMHeh_P_B1Mkd6DM3lr{F%H@gh5HJBrYURbKx(crrjd`%OKm2R+_GYn@f_5BNSOAabbs;{ zm@j`ocT*DEV^dv0nqCA(X?&bTrLOZiu@L*p4qFYi6?y+1?d`o|f(-Wd&~;^_uxqGY zl_Sh~HUpwjxXBR#lVaw|@Kiky7hoP{Sbkntf@h{(q0yu@Q$aQ)>kJ5i@UadoV=Zl< zf;-6VTOyC64_1QA;?Jvu1ire7c~{j1^8&>*nCkq+lD`+xiPbDZItEeWYH4q}t(jNdm9EOO+MDB=H0iu-LS}=QF<(LB&3mRu6XEw{m4^y8H zJ;#QR9H-|?R)(-qDw>&>%;SQE`A=BHb`C;V;PREaYfv+ChhqUKgUR&s)? zIYcl8Tmug?C-0&?ARW`46kAJ_RAH27I`ga<7*_;t64K@|t<{z#(K;&fiYo%q%snLo zizN5a*D47rAo*ISc6Br_F3Le~hT&AR;9BJJ0cB}qGCFE3TN{)XBUMIL%g$7e`~59R zQyLQV>64wjwo(ePV-nGgCucGCbsF18LcK|fyCU9A@uxz1 zQ-6<%alHfG91w{)#7`SvM_^t{6b*=QMaKr zeRQ5l1gq>X!vLFMeE2F{)i6H5W#>Bv6g9%%jluzIcn(w3q zi12~?pHBf;)(I4vl*iNoF1i0X?wwTP|MdD z-yyLgF8S-Iv+K+KS3lxPnSdag4+rLo*t))F_lVdQSX_zmIzU zv41b2>G?1H`&~GR#RPFd5`$7EC!XRcnj=BDL_8egB;m@_Z|I{dLi92~I`Skck1Jmj zaNj1>*fCJCJ6&+8M)+0t)!bM8(48}xbtr8KS6`8@j z$U|fVsv85859*DSF?pJjG)NWuQFY&IL$Z9jG#5fC!JwOjrOiMMW{zknNf_vH47y}_ zVISh4geIE&*gT4eZw4qA@r@Bmh)H?5WN?YjqBZcrE9M{*G?HfJLmTby>%EH2{MqyPQC5hq$>I@Xdl@-Xs5;q5t;yUhbVlING!D8Gk3<%o?X2i(^LqwXF;2nQe!9&l1H4ScA#kSlMH zT03CpsusoR#krcw4?0N1hw^23-iD7BGD+AiNF0!kT2UPXM5ol8_TKF{j#j?Pk{<0uTalF@$c2WiMiRC(MgJh9MT+-ds#A`EXIOhOGjzlS>?MFuw#N^ zNm`}NsdB0@BNCFii=quuG^${hjjAI7Afr&N>5CycnF_=SQMWoAaXOP!|DFgFMBq(Qf1X{~nbEt91V%YrU#wj;P%|KEj(z)T>1^QV) zc&_Sun@_@JVF~iK(yCVNDg2nbh#wU_jv_XJVAkz|gDleNcl*7LCQ}b^YRF$(KNT&x zyT0T6OKWOD4A$}(C+J5bfs%wji1{2IzkIm^Ka>n4yqEpn%a=zldnd@X8g+NeGNrz2 zF$+zxaD{t`W1XAwwl)=?@kG0Q9`aOd0(A22iWB>WeJr#8IXtMve>*tY#(#T~$F}{f zW<1VsjwHCs%vFjmp1N{`!tLCBj=4iclo2~%iIlDzW7TkhMaDh(y%gUhF|MKgUg>?s zakTW+v?-;;enV?7x~)yU=vF>TJgQFzy@S#>yBFTj%i-ZcdpFgOrEXp}bt8hLp_7B& zVYhuW^{;k6cN*lURK^R5rBO99(N%@RRbX%A*(FZD3CdOLt!P%CE!0+E6(k}vBGUPyT_-P8ANp;7 zF*b{;xBY7E3Z5EH*w&eR6CBBwTQMX*mPn7>!)BB(ZEmyE%BBJ^SIbvJ*QweOo4g^n zB&ul@%!h^<`qG-2r+LcyztnPtdJN5(U-!EyI_0RDviLB_4 z$V;6+NigC1bcEIwxeSQKgL`1xj zzwmZ)9&2(w|N3w63D^5~2b|zP|NU>bcT&y&*gHPxooxC4Q#_SC3;`B6ViR92Yq?>Zq-2?yY1?uv|K#1azg7?LK<4cOO}+^^Y4{!|Hs=Gs)+ zK}axUTa+7H^^*NxZUtVr=wgm|Hu9_}5xH}Dm@5Ynjg3|RGp=@R-EhsX@mNFPi*2`T?C#a|~7 z<3|FVA2+_$r#qL= z{NM6}+l(C_a9+TIDuxJF#>PY6*eZkD&^VK8y|AC%LFeNZ zSYsxT3pDFOdy8P@rsTe}gT$1?i%J7v0^e9sJrHYz0=`Kg-%D}%j&ic!0<3b}4_5#* z<0SN*Y9j+P0LQ|2DL#oS_a#21W8s47GU6h|f=uQTzJHm}4T3?SB!ne9h8O{KM$p|9 z3uSP8$udFEcb9MS>Cy3XoE?;c*>S8bJqy<^6yW%oK+3~i*}<|*AS_Ut#nAq9D$pIv zqR`pNjYjV<6(+EX-d|PcDke`JRzPA*7JHwN_(~2>&LC6nR)`9eCA$!)gR>c7F@fRn z+-E5XvCuGC01M{qpinu{>?4dWE){sP<2w=sY({)X?O&;cX$TvK3&_{3vk2e7j1#a5 zQlmUz;gSX6ARrvf%Aqm2|2TJKG)x&2LzYi1oW7hLX9ry=&r%&dU`A&&u<-NhQhRgZ zlpt-QuYH;G>`W=N99(s#4p!H zJNX4H<>*cpEd--nSaBRleUQZ=Au$aH=;J5-1E^E~Hq@!mTC50JQBybo4{R*<3O#pNhkph)EQl-1MC*|rQfQ9jDAL?`$kS}cv0ju;?QOqQ@eAL%j zEVTa~;#g4qLJ5aMm35I1(2qaq6zD@7QOrsHD$)1WIHAK_v~Y1I7!Pnn<4NbXKOzG6 z)txlxepDB5H#7|Cgm9s0Ln6WDQ`|o~b`c%xBF1E2%FalAl~XcB&qIdZy}w3DO2+hF zEm6g5LBPex{V#X7q98W*>oc0BlAUUy-YBP4k4Y9q!$juJm+rtYZ)_ODWJuE zw39m-MD&Ir_qOLBymTP|Ss^<9lHs{JX&BgSsqX&~c=VOP6TXWe*pI>zjM~W+Wg79t z?CUtHW=ewya~1A>fZTXO<9js+J4R;%zYGsiG@}&`d307iRrVHB>?3eJHZf^TBQ_Z- zr%!q2Blp71Uq|W+&86{}skf4+566^5VNs{w?H+sGp4aVP_l^eL!$J4xf4V1wZda2I zXq3~TT=WCv_8{&n3(1fdW;0;O0hC-EPK&oC{D8j<74u;UO|BxBhz6LeB&HPwR8{o^ zN+-A1ow+&cWoq zS((DaPC!xtj(5QEla$_KL54SEu3zf?S9==|#}QWPEo42p?_xpt(DGCs(m0fFnNHqV z(`}kX@2IH2ST@Af5ADl`y*yE^b}ppxq-n4bo6vYD*bRvx+X$V+G@cA0!+{*D(lQJj zqbclnyO6X@$59$qVKeVl>6a?ihY=Kv;PHyhW=w84T10@I9M4!h(N3K_8>y3=?-X`3 zJLn1om3c0>=%Jm1_?Nr98n<-i3j!4zPNeF*nBNp=KO%X2E4vXLzC1WOJm?7yA{G}R4oQR73}O@&A~#9Vj~_oGUtJ%Z<_cBx z>C;a|_<};ENn`wCeSzPd`D_k3v&`!#Uy%9BZG;)5|~|U%s-s*12qd+DE#< zuWGHU&l*6xt_Ab%pPI?6wEl-v5+x+%zDU+l1upUbJ3Q>x*8fRwd;k9=&&Q9QJ#vvbOEQBpfNU#fGEjXQJky7yx zbca<*qg97ky<8p7+jMRy#VW`dM3<43qYzcKZ$8AvF}h4%R%Sxz*=h}=pj3LFQ6|~} zpj?&OcO;zEhW6D}{2k?F;W&H;rtITKPer*V`ZS_%ynNHH3yH6^9q4l$hv+%^rLb3T z15zJtcG2^g?#|N z={<5iw{b}4aGDxJ(26N3&gn%I1WCuYBpoqM;Eb0?xrxc0RX$)bry)s6xNNk>XtqQ_ z4YO40)D&H{9MHgmN=j$p7w~%)cD%;PSH~u$K3FzHD5M5BCDF|1Q?)skU1pkyz*lKA z6LXQ+THYu;-srxdVy=9%43*2MD)a%CA52}^`VF$h=q$d8U&M9?!>%XkMFralz0q8C zWF#-6J#DO%;8b{QT7cqH}7{B+N`6=zN)r)c;41I|4zp=v4GiaY|C&{ zn5E|vBGB{ab|v5F5%sdzg@Lp*;_g}mQ=qTH*_QxOuh+uRU+0lX?5L=ql|i7DF)A5! zL*^^+HKWY&Elo}%n`FR^nc{cZ4E2uJ8~q&_f!=M|aP>b%yVN+$ zN*PpuDhbY#7peu_j=O6+RkW4M+ba;UxI%eT?6_777M4m_mE(DZ6J>)#3HMJg&NTz$ z{x_H-7w-1_{ANnozPdIz<(?|Ax*dJ{+z88qCeJ8GLAwd^IE1}RwH#TL8_RR~%?tj2 z)a@9Hi+j;!6L0$PbIogM?x&c4OXh`Fo`J}`N`*=o~kN*wOOjyYM-oX*(aPcV62~a&PoRcxN9@+Cq8f`a z?VT)|u6ixx=G7LTd`f+Mz6ld)M%w2GwC@{Ck-Dd_QckU6P_T62lr0q+H?&HbhP6>I z&~PMeQc*r&_$9L(6H>Q?0~aI)7nHAshD1tuwt3G(2vzp!n?4(HQz}v3>8t92a#0JU zUGzL=A}?1lo!Q+j6A_J&`!ANEkcOZn(SVnXEog%&(sR$_MC(+F*1z(7f7eGpP@&^E zt0@2bMirz$tRP>7UuObTL_RvBpag;dr(ide!rWjK(lLastk%D!7}{45mGC0r(IKt< zIzKCuT@Cl2XI0ZNS};9juj)U@^pN``q5&1r9O;W+f^e)77L?n{6UaPl&KiBp?N!*m zi|IwYKA!}U_mSCTJ$Z(@#x38~H*$#8s@AD{^?Dog+G5bH9_kGP(}4%H*FtmDk-B!T zy*_NG)BViA!P?)dy2TmOJShv$`@ojCV?0r_Z_>^ z{kzIi5VZFL`VQtxJ}ce-1z08CThkX{+5P{~ zVI}`Zzt=t3+W$Yvv#DTF%^zQ6i8pr0r5y1}ZP}_4w{@wXK6!@jYN_Fy_k?l^dKg(_ zFHx>=FM@>}ss?b?Yt!UR8WDlZ2%z!LBoH}_xrdzZ`_3OHjL2&1ALep~ll2(DlJ$Sk z>mF3sf4{fQ|NSJ-=Ul%}wQLP=icD4FHuPKGT4xWvWhyhYmewHs8=WQ5yzDZ8Jb754 z2{LJbZphq9ISk2oAn)zCQV+x;)8Ai%85(?r*o@`}E#%ra-Y#;hm*B1*YjIjC9X>iL zwX5a0q68mqoejotR8FVMIlrWtD32aak#3NOViWZlRiw{*|f(ogHX;G$kyj=WNqDj&03I$iaYz6b`r z!rkJEucfovRbaVQ9e7QyunOyy!p@i8!nV%_&r0&2b^oxA0Jy~d6Ouht>kPVuJVS3RI2J)tx8EutI@YZl-&XAm z1*zP=16SnSj||^mW$A<{H#Pm{yBObM8sSltzgKQzmv$2l%Hwfr@GCKhA39IqU#_||M6Si;MbXOr0YYrbqD|W@z2*z*_OYfr{yx*;{ zkQNN9?z4)lu+Zw`EBP(&cg0p}^Ie;icBtxJ(M2uzc9BKVmE}5#a+|dYd1!-P!JGUg z(5?u+?bTkCmv2wCtGlxb<&>JK@$*KQ^6Zg$7oLfj?5-6uxx85wk&`9;Etop(UH<9Q ze>JyNDfRKA9>$=#xQfeMtnZu#F0@DeqFyZ5dplac_QAK;;5vI0G8sY(uI?eX!xCY8 zIlJ~pPjT2>)%p>!}oDCzhq4OlSV|5N+}#86wBgM{*J|$;0;{*Sc!;e78p)wHC;?juNN&_ zh~7HPtbxz+M%$a61jf_l9s*EhPcwkM?7r+S-2W9`X-qi3NZF_qK~lok&M0kEh0v5}y{K%$ml2R7tpAL!$ni0Jv+bQ^>Q$XU|I%_z6b$$N*+3?-z z+q0{S(^qF!OQ5p-XUb;fxdGq2OENCM)$cE0;&NAk{LEMD_s#pShi}flKYLT{Q0XKe50&2Ths{PpQrxkplBCQTiYRIJ~A9*Sf^530-tV<>Lg z7mY)gDj)h<4*=!pQ!SI~mybWyo@EL6T_WfPI%z){R#B%7 z!eiLl+HF5bc>uuGmwdAXVYjbthgRn)px*GX(r;9Is)`<#>F@?3k}|8sQSDf>F@aU^ zRiD$!Of;--D}L7sP;bm%Hz)pToAw;7MZ2raR-;1Z!5hFL_P>1Y7EO`-Zhl!OMax~K zbrf`rSc;xE48z1;gj9>W==ri@2@7|ZmVhvgyB5yN5gyUPEv*DmNt?n#a@yEX`_5Kw zY~|f;CHN9n)^oFPZRliEj}9EnLKVVT&`qFJZLSPz?Zrk3I$xlLAsK3^Iv0$ooV2sr zehK6a(w;5>xD*<4Dahs0tw3+B7V>AM`~PWzHwgp3%>Mi2pdSD2ptrsMe~M?pg-U{b zo{*r)%DY*Fk~ORV!m^?=Blw1;^j8)O99^*RR0kC%=^w|Y0N}lb6hXQAtI28t!KG)# za^k^~owM|k%1liGZr|{=2b!L*wEm6L@tQnf$@)J$JgM4$cTWzs`G20|d7M*&ZiW1! zZ5G;2iHn@&)oD?3n$-^AMTQvv=7oxC)a#t9R^c3OFVLpKm4Gyh3y+AvJ$rHKlz6JY zFTu&0Z-O;eYvIHj%sC%az2+&?=oP!Uzs>TYl_H%Np@|yoL{=N?3hlKG-a1sOyaBpR z55lyYxN;n^C^UfuyMDjxcfqF|E|rNl!odxRL+BtW?X*=!W|7I0A(wEvTCcA z*>YWr7-TNED|fSTHXD(&)y!jwWneqZ>zKq@)fd{Hw5v;OafQqhF>i_!HvT1ybA~fz zys;xwuyHr5=n9&H4SZ?Q?NOeUM3&Tm>4SK{>h(@acXfiv6&ZsQB2=qJ${q$H#%3B-4o=a4_rVm=M{nWQ)tZ;6<) zaDZ?om;)w-r}6wMV2Mcz_PN;5O6x!2YkGdGXUY2S9~~ao^ncs@?@#l5Y>b1Gj&R@? z*;c9tWcVzXF-z&Ma7MCD)oLYQvWWbH#vzR-8?5AnCo3-6lto0V=5Rv4PFa>LfYUK* zx=WTvmv|UdJRAK?0-;4y)!0?ZXTZ|?DSwA5BU}-SPlG-sW_vmE^uUw}x0OE&YN>Az zgQ8?`BO4BlQ8n~I30LW^M!G=8NeyEPnp_*BaC8ACkI<5`On(xDnUmXc^Y1ZBN03AN zYR&@@>ES)wdnUheMX6fcg^To(5%&z=576<^(SdE}IiqpmEhcAffZk?YTxRhpcTk=T z^mWP-ds|l>pT2qHXhZVvxJmj}Yew6co04THYdzLs_sT$`@<2FwL*wke+#ob|8cSm1 zS&~FV9ujd>P~+oa$TH0G3QG+51&4~)G*v{Zl6pgGZ4c!}CLRjeU3`br@buzb6_gap z1&PJ?(DbVa)0wqNe`zk?{;ahBOXlk7beKtm;|B(UTC)H5`o~9={l9)(G60t6 zI$Ra9d%X>BA9M%H$L05I{&|=Uj#lU_ z->iz};SU{sLLydggb_)(W{4`#&triALrPdG#w?Y>YPsD2Qeo+WTvQt*_kzTr0d)6O z-kPQ^LQG~X=0qd0xZEiXHvi5A7G#`7d{w?*0cs>)HcoBI;-A?_^`ifHSnF!iiaQ>Y z+16}TaK5zP77(Bx-97iGb;cvnTGE6z;y6dDBH*V<_=2&hk;=$@LQ-nT>fu<<#8gF+v)EZvKM>(7C6Y7o#>Mg{ls#77|2I$oFWdi* z`?dR@{&xR=n&(UH|J#j!&5d81JN(;-0IlPFWMQDWpQjNEDw7eCh?seKVzHsM&wncc z;-T~L2Np0^-v3AHGH)F<@KXDa`bYbao+QtZ>V+z8uO~sl3H5GqL_=Wk=x$14lLV2*6G-y-4T)xTySt{r zh?G*ue5w*D}Of?&^i(kpL(8<=#F2J{~r|?`Ng`-z35NJpTU&{a)?<=cISA z-T$BBY0dv;*un2UM#lmt@=YT6wI_arFY&~V)aN}s0HGbTuGz^Ea;~r7>A1VB6oeVZ z<=pF1W@{^N`(WlN985kcFH55~e@fL6`t)hg=`8fPT*Fhh>Ye&|02?%a)fib9>_*@3 z#iE}kzozsTi-n7(iuQ_G?uEXfQ87=9Bmy4JZJ`varAx!kBh{}TN5BLS6hTsxk?dge z)vh6liFVMxex+h=w@+_I3h zo|V@B9T|C2uJP7O1iozjAJ_7K_fL+t=f5X;RtZY~;QZj#F!WEt01OB!biGLcen;bw z-T6P9{bP9f{{8h=&pJ0Rct`tlar-c!UEc#NL`00o*SQo=Iyj-7+g_(I?d!A+!)%qj z1JQ~A@&P1J>Le+#})l=@1)n;+W$Ps zlcemHh9n&zMTSnGQXJ~^JFc^{gWj=_=-nAeGhrdZoYP4R@r`$OBwZIFE6b4)Ll*E( z#!2c;G8&SO6$+lRxZ~{XIF;z}pJa<~C>My0A+kIYn8t$3b)#d_6ZBk1x!~yAygT&w zuTalF-gQb5^nd)xsRZ>0l}OQHy}&g|XZ1pIA->mQ5unB#bV@HBB}ZsxDk2@+Pw}$X zDj&tA&itwK=Z5BOZaV%E;wV-VZk~_dF>#R+uA)lUlCnx55yELO)e)*^;ql=B^%VdI zFT3~VN0J1`hY?Xfb@%V=Sx_q0(nQ)^J{@75DYpm`WFnq8ijW2>6}Qe_nzQK6jHW3| zN$8c>o>#C_2O)tcIfFxJ2k`{QSAwN@LayftQQ6Q?fMYZw$eocHOXn`=%iR$UCnR-& zPAwJKwdyy|X%j=rW&{?m$% z2{eF%fN=hnNh-P|IQ$`{g1p5L4n+-6K{CVlLy0pgx67 zVXx;{(IxF|UQw5&r-XXBPFGvTonJ^uRy~F-?|9_I_imXiEOt@1TnggH z$d>Eb>>F-S7rgqbjV%eF$p%&dv_byKireLC=C2TP1(lN{BbOQMjw& zrrCz7mE0DPY<@lWz-eAK!5+FJbTU=fo<)gb5Nc79*ba&PbcDTt_S&LDw;{T6ps-D4 zE$UiyE@>-NJDcb`^@g-%72WQ_-t;&(=E9XuR$#=9BO$1y9Y%0c$jJ}r3->@bD(g2 z3Dl_F%&R3Sjl~$b|G_)%S`C14pZVby@W>TV{o9czTIcLO!Ep!|HIP__jp1*gZ{Mk% zP|f9wGF$PAuj;&@?m^$lhVp}frT0a@A(3WrfQ}E~PddBG#$$SqT(1tRg6|c?dqB9z zP@F~4ytpbtI7t9<-}!;4)}g$ReaKO8G$H|pG*WCvY$Z61cT7nXa)eWYB08f&`A~@| z<>>in4!C&z?n;)W@dWXN1iQX-K1TXlO*Im*SYR4+g*Nq$3Uo)K2#pBJxP+4<48Ut> zTTxqB1vOApRg<2VX)Ul4%5AdwD}ZmG0+-FI1!s;4)k^8=zks#$_Q3!atHk>c?p9h; z{XT@w7O#&Vz$}6zZRVin6o+As9k_AGHvX)0__ggmagvlw;?3=}k%^}yr2;O~>;|=|YN5k`*Y!?qUx%_8JsfS`Sb!`8 z#jFfn-NH|Pgt87N%Z9b`(3TEQ_g8g@k`JdL32>SRE9=nsXT>C~9EV7`D$IzOl1!yU z3{sqsQZB}NA?3^9_73~UFWu_qt}c4j(X`~uQcvaHTy$abc{8E%(c3ghOPUNtvD&<$ zIGe$h@Bq0I3O$<(L||XJ|5N}iF1RbcL;AbG6ZGkmTkX}p)UR70R*IC*lq9~bs!Ejm zeWmB>m3e+KUeSms%fnu;3C6c)ZzW`JPyfH+_2ucSv#ZA1bz)Lx z0DfTsP$4bT{{Q>k+2y~6|2Vxm8(y4Vf78^uWZ%UCwM>4{r%yIT*1u>!E7WObXHcYy zzlh$Fm~eiPvQZ`13=4RE4wRAomF0E2Ao@}G;`X#z(OWll*;*QuaE4LNn`EurP<}eMr_D&>1txZ zRjM-W){Pw(4J=aCx72CYSu`X!Q$3h?p05dcc1LTtP-@(yQJ^oXF8~^D^o|ReT=1zitsB_|Hjf?t+!o*{TM{ODWgA!`4(B9`s zZ1%^Rxeb$gwhs1plgslDH67cOp?{W?p`|3DR$9eX><-gnD^X30PuH}F09(K3+ zzn|n;^FX87btAo3B*i)hubpfjn_uTj{+h2%U8`0tqk1abaddZHL)D^C!?sv=A<7+r zK7L#Y-Majvn)}qA71#ep5dfFj|D4q0zxTKK|DWc0VC+BRhP>*EZ4Aw~$g12BT4UTZ zV>&-*GlMT_r@oAIR||}0MpQ&Y%LAYl%B6<#ap_90FmT&9j3pu#h_l*zc*iR-yDq8I3~8trHyF;0fWr zv!g z{@1RL-pA1#u^4JfkmPw9MKmV9(23MNN`6LPub6of6D_FlFlE&Res_6zdSpA{r1eCg`4%U^!(rJ zRpUSPx99(-d5lQsIH%}R(SkPj9$`*G#A1-#wA^P!)KC$VO2LsBgj4brlTeK)yW%Kf zcWBNsFab{GzK`P&%~(tYOHoL= 2.6.0-0 <= 2.6.99-0' - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requests-cpu: 710m - catalog.cattle.io/requests-memory: 2314Mi - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: istio - catalog.cattle.io/upstream-version: 1.12.6 -apiVersion: v1 -appVersion: 1.12.6 -description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. -icon: https://charts.rancher.io/assets/logos/istio.svg -keywords: -- networking -- infrastructure -name: rancher-istio -version: 100.2.0+up1.12.6 diff --git a/charts/rancher-istio/100.2.0+up1.12.6/README.md b/charts/rancher-istio/100.2.0+up1.12.6/README.md deleted file mode 100644 index 2230c6185..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/README.md +++ /dev/null @@ -1,79 +0,0 @@ -# Rancher-Istio Chart - -Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. - -See the app-readme for known issues and deprecations. - -## Installation Requirements - -#### Chart Dependencies -- rancher-monitoring chart or other Prometheus installation - -#### Install -To install the rancher-istio chart with helm, use the following command: -``` -helm install rancher-istio --create-namespace -n istio-system -``` - -#### Uninstall -To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see chart dependencies for list of dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. - -**If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:** -`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` - -## Addons -The addons that are included with rancher-istio are: - -- Kiali -- Jaeger - -Each addon has additional customization and dependencies required for them to work as expected. Use the values.yaml to customize or to enable/disable each addon. -### Kiali Addon - -Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. - -#### Kiali Dependencies -##### rancher-monitoring chart or other Prometheus installation - -This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. - -#### Prometheus Configuration for Kiali -> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. - -The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. - -To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. - -1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. -1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. - -#### Kiali External Services - -The external services that can be configured in Kiali are: Prometheus, Grafana and Tracing. - -##### Prometheus -The `kiali.external_services.prometheus` url is set in the values.yaml: -``` -http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} -``` -The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. - -##### Grafana -The `kiali.external_services.grafana` url is set in the values.yaml: -``` -http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} -``` -The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. - -##### Tracing -The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: -``` -http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} -``` -The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. - -## Jaeger Addon - -Jaeger allows you to trace and monitor distributed microservices. - -> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. diff --git a/charts/rancher-istio/100.2.0+up1.12.6/app-readme.md b/charts/rancher-istio/100.2.0+up1.12.6/app-readme.md deleted file mode 100644 index d5ebeedec..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/app-readme.md +++ /dev/null @@ -1,43 +0,0 @@ -# Rancher Istio - -Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: -* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh -* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed system. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). -## Warnings -- Upgrading across more than two minor versions (e.g., 1.6.x to 1.9.x) in one step is not officially tested or recommended. See [Istio upgrade docs](https://istio.io/latest/docs/setup/upgrade/) for more details. - -## Known Issues - -#### Airgapped Environments -**A temporary fix has been added to this chart to allow upgrades to succeed in an airgapped environment. See [this issue](https://github.com/rancher/rancher/issues/30842) for details.** We are still advocating for an upstream fix in Istio to formally resolve this issue. The root cause is the Istio Operator upgrade command reaches out to an external repo on upgrades and the external repo is not configurable. We are tracking the fix for this issue [here](https://github.com/rancher/rancher/issues/33402) - -#### Installing Istio with CNI component enabled on RHEL 8.4 SElinux enabled cluster. -To install istio with CNI enabled, e.g. when cluster has a default PSP set to "restricted", on a cluster using nodes with RHEL 8.4 SElinux enabled, run the following command on each cluster node before creating a cluster. -`mkdir -p /var/run/istio-cni && semanage fcontext -a -t container_file_t /var/run/istio-cni && restorecon -v /var/run/istio-cni` -See [this issue](https://github.com/rancher/rancher/issues/33291) for details. - -## Deprecations - -#### v1alpha1 security policies -As of 1.6, Istio removed support for `v1alpha1` security policies resource and replaced the API with `v1beta1` authorization policies. https://istio.io/latest/docs/reference/config/security/authorization-policy/ - -If you are currently running rancher-istio <= 1.7.x, you need to migrate any existing `v1alpha1` security policies to `v1beta1` authorization policies prior to upgrading to the next minor version. - -> **Note:** If you attempt to upgrade prior to migrating your policy resources, you might see errors similar to: -``` -Error: found 6 CRD of unsupported v1alpha1 security policy -``` -``` - Error: found 1 unsupported v1alpha1 security policy - ``` - ``` - Control Plane - policy pod - istio-policy - version: x.x.x does not match the target version x.x.x - ``` - Continue with the migration steps below before retrying the upgrade process. - -#### Migrating Resources: -Migration steps can be found in this [istio blog post](https://istio.io/latest/blog/2021/migrate-alpha-policy/ "istio blog post"). - -You can also use these [quick steps](https://github.com/rancher/rancher/issues/34699#issuecomment-921995917 "quick steps") to determine if you need to follow the more extensive migration steps. diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/Chart.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/Chart.yaml deleted file mode 100644 index 06db4b772..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server -apiVersion: v2 -appVersion: v1.44.0 -description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. -home: https://github.com/kiali/kiali -icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png -keywords: -- istio -- kiali -- networking -- infrastructure -maintainers: -- email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io -name: kiali -sources: -- https://github.com/kiali/kiali -- https://github.com/kiali/kiali-ui -- https://github.com/kiali/kiali-operator -- https://github.com/kiali/helm-charts -version: 1.44.0 diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/NOTES.txt b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/NOTES.txt deleted file mode 100644 index 751019401..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Welcome to Kiali! For more details on Kiali, see: https://kiali.io - -The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. - -(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/_helpers.tpl deleted file mode 100644 index fac58a4b6..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/_helpers.tpl +++ /dev/null @@ -1,203 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Create a default fully qualified instance name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -To simulate the way the operator works, use deployment.instance_name rather than the old fullnameOverride. -For backwards compatibility, if fullnameOverride is not kiali but deployment.instance_name is kiali, -use fullnameOverride, otherwise use deployment.instance_name. -*/}} -{{- define "kiali-server.fullname" -}} -{{- if (and (eq .Values.deployment.instance_name "kiali") (ne .Values.fullnameOverride "kiali")) }} - {{- .Values.fullnameOverride | trunc 63 }} -{{- else }} - {{- .Values.deployment.instance_name | trunc 63 }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kiali-server.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Identifies the log_level with the old verbose_mode and the new log_level considered. -*/}} -{{- define "kiali-server.logLevel" -}} -{{- if .Values.deployment.verbose_mode -}} -{{- .Values.deployment.verbose_mode -}} -{{- else -}} -{{- .Values.deployment.logger.log_level -}} -{{- end -}} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "kiali-server.labels" -}} -helm.sh/chart: {{ include "kiali-server.chart" . }} -app: kiali -{{ include "kiali-server.selectorLabels" . }} -version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} -app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/part-of: "kiali" -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "kiali-server.selectorLabels" -}} -{{- $releaseName := .Release.Name -}} -{{- $fullName := include "kiali-server.fullname" . -}} -{{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace $fullName) -}} -app.kubernetes.io/name: kiali -{{- if (and .Release.IsUpgrade $deployment)}} -app.kubernetes.io/instance: {{ (get (($deployment).metadata.labels) "app.kubernetes.io/instance") | default $fullName }} -{{- else }} -app.kubernetes.io/instance: {{ $fullName }} -{{- end }} -{{- end }} - -{{/* -Determine the default login token signing key. -*/}} -{{- define "kiali-server.login_token.signing_key" -}} -{{- if .Values.login_token.signing_key }} - {{- .Values.login_token.signing_key }} -{{- else }} - {{- randAlphaNum 16 }} -{{- end }} -{{- end }} - -{{/* -Determine the default web root. -*/}} -{{- define "kiali-server.server.web_root" -}} -{{- if .Values.server.web_root }} - {{- if (eq .Values.server.web_root "/") }} - {{- .Values.server.web_root }} - {{- else }} - {{- .Values.server.web_root | trimSuffix "/" }} - {{- end }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- "/" }} - {{- else }} - {{- "/kiali" }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the default identity cert file. There is no default if on k8s; only on OpenShift. -*/}} -{{- define "kiali-server.identity.cert_file" -}} -{{- if hasKey .Values.identity "cert_file" }} - {{- .Values.identity.cert_file }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- "/kiali-cert/tls.crt" }} - {{- else }} - {{- "" }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the default identity private key file. There is no default if on k8s; only on OpenShift. -*/}} -{{- define "kiali-server.identity.private_key_file" -}} -{{- if hasKey .Values.identity "private_key_file" }} - {{- .Values.identity.private_key_file }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- "/kiali-cert/tls.key" }} - {{- else }} - {{- "" }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the default deployment.ingress.enabled. Disable it on k8s; enable it on OpenShift. -*/}} -{{- define "kiali-server.deployment.ingress.enabled" -}} -{{- if hasKey .Values.deployment.ingress "enabled" }} - {{- .Values.deployment.ingress.enabled }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- true }} - {{- else }} - {{- false }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the istio namespace - default is where Kiali is installed. -*/}} -{{- define "kiali-server.istio_namespace" -}} -{{- if .Values.istio_namespace }} - {{- .Values.istio_namespace }} -{{- else }} - {{- .Release.Namespace }} -{{- end }} -{{- end }} - -{{/* -Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. -*/}} -{{- define "kiali-server.auth.strategy" -}} -{{- if .Values.auth.strategy }} - {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} - {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} - {{- end }} - {{- .Values.auth.strategy }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- if not .Values.kiali_route_url }} - {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} - {{- end }} - {{- "openshift" }} - {{- else }} - {{- "token" }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the root namespace - default is where Kiali is installed. -*/}} -{{- define "kiali-server.external_services.istio.root_namespace" -}} -{{- if .Values.external_services.istio.root_namespace }} - {{- .Values.external_services.istio.root_namespace }} -{{- else }} - {{- .Release.Namespace }} -{{- end }} -{{- end }} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/cabundle.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/cabundle.yaml deleted file mode 100644 index 7462b95a7..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/cabundle.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "kiali-server.fullname" . }}-cabundle - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} - annotations: - service.beta.openshift.io/inject-cabundle: "true" -... -{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/configmap.yaml deleted file mode 100644 index 4d291afda..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -data: - config.yaml: | - {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} - {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} - {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} - {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} - {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} - {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} - {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} - {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} - {{- $_ := set $cm.deployment "instance_name" (include "kiali-server.fullname" .) }} - {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} - {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} - {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} - {{- $_ := set $cm.external_services.istio "root_namespace" (include "kiali-server.external_services.istio.root_namespace" .) }} - {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} - {{- toYaml $cm | nindent 4 }} -... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/deployment.yaml deleted file mode 100644 index 83c8f0a9c..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/deployment.yaml +++ /dev/null @@ -1,193 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.deployment.replicas }} - selector: - matchLabels: - {{- include "kiali-server.selectorLabels" . | nindent 6 }} - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - name: {{ include "kiali-server.fullname" . }} - labels: - {{- include "kiali-server.labels" . | nindent 8 }} - {{- if .Values.deployment.pod_labels }} - {{- toYaml .Values.deployment.pod_labels | nindent 8 }} - {{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- if .Values.server.metrics_enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: {{ .Values.server.metrics_port | quote }} - {{- else }} - prometheus.io/scrape: "false" - prometheus.io/port: "" - {{- end }} - kiali.io/dashboards: go,kiali - {{- if .Values.deployment.pod_annotations }} - {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ include "kiali-server.fullname" . }} - {{- if .Values.deployment.priority_class_name }} - priorityClassName: {{ .Values.deployment.priority_class_name | quote }} - {{- end }} - {{- if .Values.deployment.image_pull_secrets }} - imagePullSecrets: - {{- range .Values.deployment.image_pull_secrets }} - - name: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.deployment.host_aliases }} - hostAliases: - {{- toYaml .Values.deployment.host_aliases | nindent 6 }} - {{- end }} - containers: - - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}{{ if .Values.deployment.image_digest }}@{{ .Values.deployment.image_digest }}{{ end }}:{{ .Values.deployment.tag }}" - imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} - name: {{ include "kiali-server.fullname" . }} - command: - - "/opt/kiali/kiali" - - "-config" - - "/kiali-configuration/config.yaml" - securityContext: - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: true - ports: - - name: api-port - containerPort: {{ .Values.server.port | default 20001 }} - {{- if .Values.server.metrics_enabled }} - - name: http-metrics - containerPort: {{ .Values.server.metrics_port | default 9090 }} - {{- end }} - readinessProbe: - httpGet: - path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz - port: api-port - {{- if (include "kiali-server.identity.cert_file" .) }} - scheme: HTTPS - {{- else }} - scheme: HTTP - {{- end }} - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - httpGet: - path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz - port: api-port - {{- if (include "kiali-server.identity.cert_file" .) }} - scheme: HTTPS - {{- else }} - scheme: HTTP - {{- end }} - initialDelaySeconds: 5 - periodSeconds: 30 - env: - - name: ACTIVE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LOG_LEVEL - value: "{{ include "kiali-server.logLevel" . }}" - - name: LOG_FORMAT - value: "{{ .Values.deployment.logger.log_format }}" - - name: LOG_TIME_FIELD_FORMAT - value: "{{ .Values.deployment.logger.time_field_format }}" - - name: LOG_SAMPLER_RATE - value: "{{ .Values.deployment.logger.sampler_rate }}" - volumeMounts: - {{- if .Values.web_root_override }} - - name: kiali-console - subPath: env.js - mountPath: /opt/kiali/console/env.js - {{- end }} - - name: {{ include "kiali-server.fullname" . }}-configuration - mountPath: "/kiali-configuration" - - name: {{ include "kiali-server.fullname" . }}-cert - mountPath: "/kiali-cert" - - name: {{ include "kiali-server.fullname" . }}-secret - mountPath: "/kiali-secret" - - name: {{ include "kiali-server.fullname" . }}-cabundle - mountPath: "/kiali-cabundle" - {{- range .Values.deployment.custom_secrets }} - - name: {{ .name }} - mountPath: "{{ .mount }}" - {{- end }} - {{- if .Values.deployment.resources }} - resources: - {{- toYaml .Values.deployment.resources | nindent 10 }} - {{- end }} - volumes: - {{- if .Values.web_root_override }} - - name: kiali-console - configMap: - name: kiali-console - items: - - key: env.js - path: env.js - {{- end }} - - name: {{ include "kiali-server.fullname" . }}-configuration - configMap: - name: {{ include "kiali-server.fullname" . }} - - name: {{ include "kiali-server.fullname" . }}-cert - secret: - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - secretName: {{ include "kiali-server.fullname" . }}-cert-secret - {{- else }} - secretName: istio.{{ include "kiali-server.fullname" . }}-service-account - {{- end }} - {{- if not (include "kiali-server.identity.cert_file" .) }} - optional: true - {{- end }} - - name: {{ include "kiali-server.fullname" . }}-secret - secret: - secretName: {{ .Values.deployment.secret_name }} - optional: true - - name: {{ include "kiali-server.fullname" . }}-cabundle - configMap: - name: {{ include "kiali-server.fullname" . }}-cabundle - {{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} - optional: true - {{- end }} - {{- range .Values.deployment.custom_secrets }} - - name: {{ .name }} - secret: - secretName: {{ .name }} - optional: {{ .optional | default false }} - {{- end }} - {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.affinity.pod) (.Values.deployment.affinity.pod_anti)) }} - affinity: - {{- if .Values.deployment.affinity.node }} - nodeAffinity: - {{- toYaml .Values.deployment.affinity.node | nindent 10 }} - {{- end }} - {{- if .Values.deployment.affinity.pod }} - podAffinity: - {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} - {{- end }} - {{- if .Values.deployment.affinity.pod_anti }} - podAntiAffinity: - {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} - {{- end }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.deployment.tolerations }} -{{ toYaml .Values.deployment.tolerations | indent 8 }} -{{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.deployment.node_selector }} -{{ toYaml .Values.deployment.node_selector | indent 8 }} -{{- end }} -... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/hpa.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/hpa.yaml deleted file mode 100644 index 934c4c1e9..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/hpa.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.deployment.hpa.spec }} ---- -apiVersion: {{ .Values.deployment.hpa.api_version }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "kiali-server.fullname" . }} - {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} -... -{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/ingress.yaml deleted file mode 100644 index 27807fc3d..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/ingress.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} -{{- if eq "true" (include "kiali-server.deployment.ingress.enabled" .) }} ---- -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} -apiVersion: networking.k8s.io/v1 -{{- else }} -apiVersion: networking.k8s.io/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- if .Values.deployment.ingress.additional_labels }} - {{- toYaml .Values.deployment.ingress.additional_labels | nindent 4 }} - {{- end }} - {{- include "kiali-server.labels" . | nindent 4 }} - annotations: - {{- if .Values.deployment.ingress.override_yaml.metadata.annotations }} - {{- toYaml .Values.deployment.ingress.override_yaml.metadata.annotations | nindent 4 }} - {{- else }} - # For ingress-nginx versions older than 0.20.0 use secure-backends. - # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) - # For ingress-nginx versions 0.20.0 and later use backend-protocol. - {{- if (include "kiali-server.identity.cert_file" .) }} - nginx.ingress.kubernetes.io/secure-backends: "true" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - {{- else }} - nginx.ingress.kubernetes.io/secure-backends: "false" - nginx.ingress.kubernetes.io/backend-protocol: "HTTP" - {{- end }} - {{- end }} -spec: - {{- if hasKey .Values.deployment.ingress.override_yaml "spec" }} - {{- toYaml .Values.deployment.ingress.override_yaml.spec | nindent 2 }} - {{- else }} - {{- if .Values.deployment.ingress.class_name }} - ingressClassName: {{ .Values.deployment.ingress.class_name }} - {{- end }} - rules: - - http: - paths: - - path: {{ include "kiali-server.server.web_root" . }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} - pathType: Prefix - backend: - service: - name: {{ include "kiali-server.fullname" . }} - port: - number: {{ .Values.server.port }} - {{- else }} - backend: - serviceName: {{ include "kiali-server.fullname" . }} - servicePort: {{ .Values.server.port }} - {{- end }} - {{- if not (empty .Values.server.web_fqdn) }} - host: {{ .Values.server.web_fqdn }} - {{- end }} - {{- end }} -... -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/oauth.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/oauth.yaml deleted file mode 100644 index a178bb85e..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/oauth.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} -{{- if .Values.kiali_route_url }} ---- -apiVersion: oauth.openshift.io/v1 -kind: OAuthClient -metadata: - name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -redirectURIs: -- {{ .Values.kiali_route_url }} -grantMethod: auto -allowAnyScope: true -... -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/psp.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/psp.yaml deleted file mode 100644 index f891892cc..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/psp.yaml +++ /dev/null @@ -1,67 +0,0 @@ -{{- if .Values.global.rbac.pspEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "kiali-server.fullname" . }}-psp - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "kiali-server.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: kiali ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "kiali-server.fullname" . }}-psp - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: - - policy - resourceNames: - - {{ include "kiali-server.fullname" . }}-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "kiali-server.fullname" . }}-psp - namespace: {{ .Release.Namespace }} -spec: - allowPrivilegeEscalation: false - forbiddenSysctls: - - '*' - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - requiredDropCapabilities: - - ALL - runAsUser: - rule: MustRunAsNonRoot - runAsGroup: - rule: MustRunAs - ranges: - - min: 1 - max: 65535 - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI - - persistentVolumeClaim -{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-controlplane.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-controlplane.yaml deleted file mode 100644 index 2adbe00f0..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-controlplane.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "kiali-server.fullname" . }}-controlplane - namespace: {{ include "kiali-server.istio_namespace" . }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -rules: -{{- if .Values.kiali_feature_flags.clustering.enabled }} -- apiGroups: [""] - resources: - - secrets - verbs: - - list -{{- end }} -{{- if .Values.kiali_feature_flags.certificates_information_indicators.enabled }} -- apiGroups: [""] - resourceNames: - {{- range .Values.kiali_feature_flags.certificates_information_indicators.secrets }} - - {{ . }} - {{- end }} - resources: - - secrets - verbs: - - get - - list - - watch -{{- end }} -... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-viewer.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-viewer.yaml deleted file mode 100644 index 706b95625..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-viewer.yaml +++ /dev/null @@ -1,89 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "kiali-server.fullname" . }}-viewer - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - pods/log - verbs: - - get - - list - - watch -- apiGroups: [""] - resources: - - namespaces - - pods - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: [""] - resources: - - pods/portforward - verbs: - - create - - post -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - networking.istio.io - - security.istio.io - resources: ["*"] - verbs: - - get - - list - - watch -- apiGroups: ["apps.openshift.io"] - resources: - - deploymentconfigs - verbs: - - get - - list - - watch -- apiGroups: ["project.openshift.io"] - resources: - - projects - verbs: - - get -- apiGroups: ["route.openshift.io"] - resources: - - routes - verbs: - - get -- apiGroups: ["iter8.tools"] - resources: - - experiments - verbs: - - get - - list - - watch -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: - - create -... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role.yaml deleted file mode 100644 index 4ce52ee1d..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role.yaml +++ /dev/null @@ -1,99 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "kiali-server.fullname" . }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - pods/log - verbs: - - get - - list - - watch -- apiGroups: [""] - resources: - - namespaces - - pods - - replicationcontrollers - - services - verbs: - - get - - list - - watch - - patch -- apiGroups: [""] - resources: - - pods/portforward - verbs: - - create - - post -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch - - patch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - patch -- apiGroups: - - networking.istio.io - - security.istio.io - resources: ["*"] - verbs: - - get - - list - - watch - - create - - delete - - patch -- apiGroups: ["apps.openshift.io"] - resources: - - deploymentconfigs - verbs: - - get - - list - - watch - - patch -- apiGroups: ["project.openshift.io"] - resources: - - projects - verbs: - - get -- apiGroups: ["route.openshift.io"] - resources: - - routes - verbs: - - get -- apiGroups: ["iter8.tools"] - resources: - - experiments - verbs: - - get - - list - - watch - - create - - delete - - patch -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: - - create -... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding-controlplane.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding-controlplane.yaml deleted file mode 100644 index 5a0015836..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding-controlplane.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "kiali-server.fullname" . }}-controlplane - namespace: {{ include "kiali-server.istio_namespace" . }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "kiali-server.fullname" . }}-controlplane -subjects: -- kind: ServiceAccount - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} -... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding.yaml deleted file mode 100644 index 1eaabd65f..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "kiali-server.fullname" . }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - {{- if .Values.deployment.view_only_mode }} - name: {{ include "kiali-server.fullname" . }}-viewer - {{- else }} - name: {{ include "kiali-server.fullname" . }} - {{- end }} -subjects: -- kind: ServiceAccount - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} -... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/route.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/route.yaml deleted file mode 100644 index 8325c14a7..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/route.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} -{{- if eq "true" (include "kiali-server.deployment.ingress.enabled" .) }} -# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm ---- -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- if .Values.deployment.ingress.additional_labels }} - {{- toYaml .Values.deployment.ingress.additional_labels | nindent 4 }} - {{- end }} - {{- include "kiali-server.labels" . | nindent 4 }} - {{- if .Values.deployment.ingress.override_yaml.metadata.annotations }} - annotations: - {{- toYaml .Values.deployment.ingress.override_yaml.metadata.annotations | nindent 4 }} - {{- end }} -spec: - {{- if hasKey .Values.deployment.ingress.override_yaml "spec" }} - {{- toYaml .Values.deployment.ingress.override_yaml.spec | nindent 2 }} - {{- else }} - tls: - termination: reencrypt - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - name: {{ include "kiali-server.fullname" . }} - port: - targetPort: {{ .Values.server.port }} - {{- end }} -... -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/service.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/service.yaml deleted file mode 100644 index b57229342..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/service.yaml +++ /dev/null @@ -1,45 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} - annotations: - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret - {{- end }} - {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} - {{- if empty .Values.server.web_port }} - kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ include "kiali-server.server.web_root" . }} - {{- else }} - kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{ include "kiali-server.server.web_root" . }} - {{- end }} - {{- end }} - {{- if .Values.deployment.service_annotations }} - {{- toYaml .Values.deployment.service_annotations | nindent 4 }} - {{- end }} -spec: - {{- if .Values.deployment.service_type }} - type: {{ .Values.deployment.service_type }} - {{- end }} - ports: - {{- if (include "kiali-server.identity.cert_file" .) }} - - name: tcp - {{- else }} - - name: http - {{- end }} - protocol: TCP - port: {{ .Values.server.port }} - {{- if .Values.server.metrics_enabled }} - - name: http-metrics - protocol: TCP - port: {{ .Values.server.metrics_port }} - {{- end }} - selector: - {{- include "kiali-server.selectorLabels" . | nindent 4 }} - {{- if .Values.deployment.additional_service_yaml }} - {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} - {{- end }} -... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/serviceaccount.yaml deleted file mode 100644 index 9151b6f6a..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/serviceaccount.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/web-root-configmap.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/web-root-configmap.yaml deleted file mode 100644 index 970d4e4f5..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/web-root-configmap.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.web_root_override }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: kiali-console - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -data: - env.js: | - window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; -{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/values.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/values.yaml deleted file mode 100644 index 549959e26..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/values.yaml +++ /dev/null @@ -1,116 +0,0 @@ -# 'fullnameOverride' is deprecated. Use 'deployment.instance_name' instead. -# This is only supported for backward compatibility and will be removed in a future version. -# If 'fullnameOverride' is not "kiali" and 'deployment.instance_name' is "kiali", -# then 'deployment.instance_name' will take the value of 'fullnameOverride' value. -# Otherwise, 'fullnameOverride' is ignored and 'deployment.instance_name' is used. -fullnameOverride: "kiali" - -# This is required for "openshift" auth strategy. -# You have to know ahead of time what your Route URL will be because -# right now the helm chart can't figure this out at runtime (it would -# need to wait for the Kiali Route to be deployed and for OpenShift -# to start it up). If someone knows how to update this helm chart to -# do this, a PR would be welcome. -kiali_route_url: "" - -# rancher specific override that allows proxy access to kiali url -web_root_override: true - -# -# Settings that mimic the Kiali CR which are placed in the ConfigMap. -# Note that only those values used by the Helm Chart will be here. -# - -istio_namespace: "" # default is where Kiali is installed - -auth: - openid: {} - openshift: {} - strategy: "" - -deployment: - # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. - # For more control over what the Kial Service Account can see, use the Kiali Operator - accessible_namespaces: - - "**" - additional_service_yaml: {} - affinity: - node: {} - pod: {} - pod_anti: {} - custom_secrets: [] - host_aliases: [] - hpa: - api_version: "autoscaling/v2beta2" - spec: {} - image_digest: "" # use "sha256" if image_version is a sha256 hash (do NOT prefix this value with a "@") - repository: rancher/mirrored-kiali-kiali - image_pull_policy: "Always" - image_pull_secrets: [] - tag: v1.44.0 # version like "v1.39" (see: https://quay.io/repository/kiali/kiali?tab=tags) or a digest hash - ingress: - additional_labels: {} - class_name: "nginx" - #enabled: - override_yaml: - metadata: {} - instance_name: "kiali" - logger: - log_format: "text" - log_level: "info" - time_field_format: "2006-01-02T15:04:05Z07:00" - sampler_rate: "1" - node_selector: {} - pod_annotations: {} - pod_labels: {} - priority_class_name: "" - replicas: 1 - resources: - requests: - cpu: "10m" - memory: "64Mi" - limits: - memory: "1Gi" - secret_name: "kiali" - service_annotations: {} - service_type: "" - tolerations: [] - version_label: v1.44.0 # v1.39 # v1.39.0 # see: https://quay.io/repository/kiali/kiali?tab=tags - view_only_mode: false - -external_services: - custom_dashboards: - enabled: true - istio: - root_namespace: "" - -identity: {} - #cert_file: - #private_key_file: - -kiali_feature_flags: - certificates_information_indicators: - enabled: true - secrets: - - cacerts - - istio-ca-secret - clustering: - enabled: true -login_token: - signing_key: "" - -server: - port: 20001 - metrics_enabled: true - metrics_port: 9090 - web_root: "" - -# Common settings used among istio subcharts. -global: - # Specify rancher clusterId of external tracing config - # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 - cattle: - systemDefaultRegistry: "" - clusterId: - rbac: - pspEnabled: false diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/.helmignore b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/Chart.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/Chart.yaml deleted file mode 100644 index 94b2f4493..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: istio-system - catalog.rancher.io/release-name: rancher-tracing -apiVersion: v1 -appVersion: 1.32.0 -description: A quick start Jaeger Tracing installation using the all-in-one demo. - This is not production qualified. Refer to https://www.jaegertracing.io/ for details. -name: tracing -version: 1.32.0 diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/README.md b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/README.md deleted file mode 100644 index 25534c628..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Jaeger - -A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. - -> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_affinity.tpl b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_affinity.tpl deleted file mode 100644 index bf6a9aee5..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_affinity.tpl +++ /dev/null @@ -1,92 +0,0 @@ -{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} -{{- define "nodeAffinity" }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityRequiredDuringScheduling" . }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "nodeAffinityPreferredDuringScheduling" . }} -{{- end }} - -{{- define "nodeAffinityRequiredDuringScheduling" }} - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - {{ $key | quote }} - {{- end }} - {{- end }} - {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} - {{- range $key, $val := $nodeSelector }} - - key: {{ $key }} - operator: In - values: - - {{ $val | quote }} - {{- end }} -{{- end }} - -{{- define "nodeAffinityPreferredDuringScheduling" }} - {{- range $key, $val := .Values.global.arch }} - {{- if gt ($val | int) 0 }} - - weight: {{ $val | int }} - preference: - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ $key | quote }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinity" }} -{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} - podAntiAffinity: - {{- if .Values.podAntiAffinityLabelSelector }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityRequiredDuringScheduling" . }} - {{- end }} - {{- if or .Values.podAntiAffinityTermLabelSelector}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- include "podAntiAffinityPreferredDuringScheduling" . }} - {{- end }} -{{- end }} -{{- end }} - -{{- define "podAntiAffinityRequiredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} - - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - {{- end }} -{{- end }} - -{{- define "podAntiAffinityPreferredDuringScheduling" }} - {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: {{ $item.key }} - operator: {{ $item.operator }} - {{- if $item.values }} - values: - {{- $vals := split "," $item.values }} - {{- range $i, $v := $vals }} - - {{ $v | quote }} - {{- end }} - {{- end }} - topologyKey: {{ $item.topologyKey }} - weight: 100 - {{- end }} -{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_helpers.tpl deleted file mode 100644 index 09c6b0546..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_helpers.tpl +++ /dev/null @@ -1,47 +0,0 @@ -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "tracing.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tracing.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/deployment.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/deployment.yaml deleted file mode 100644 index 59928735f..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/deployment.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: {{ .Values.provider }} - template: - metadata: - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - sidecar.istio.io/inject: "false" - prometheus.io/scrape: "true" - prometheus.io/port: "14269" -{{- if .Values.jaeger.podAnnotations }} -{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} -{{- end }} - spec: - containers: - - name: jaeger - image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - env: - {{- if eq .Values.jaeger.spanStorageType "badger" }} - - name: BADGER_EPHEMERAL - value: "false" - - name: SPAN_STORAGE_TYPE - value: "badger" - - name: BADGER_DIRECTORY_VALUE - value: "/badger/data" - - name: BADGER_DIRECTORY_KEY - value: "/badger/key" - {{- end }} - - name: COLLECTOR_ZIPKIN_HOST_PORT - value: "9411" - - name: MEMORY_MAX_TRACES - value: "{{ .Values.jaeger.memory.max_traces }}" - - name: QUERY_BASE_PATH - value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} - livenessProbe: - httpGet: - path: / - port: 14269 - readinessProbe: - httpGet: - path: / - port: 14269 -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumeMounts: - - name: data - mountPath: /badger -{{- end }} - resources: -{{- if .Values.jaeger.resources }} -{{ toYaml .Values.jaeger.resources | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | indent 12 }} -{{- end }} - affinity: - {{- include "nodeAffinity" . | indent 6 }} - {{- include "podAntiAffinity" . | indent 6 }} - {{- if .Values.global.rbac.pspEnabled }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: {{ include "tracing.fullname" . }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} -{{- if eq .Values.jaeger.spanStorageType "badger" }} - volumes: - - name: data -{{- if .Values.jaeger.persistentVolumeClaim.enabled }} - persistentVolumeClaim: - claimName: istio-jaeger-pvc -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/psp.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/psp.yaml deleted file mode 100644 index 44b230492..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/psp.yaml +++ /dev/null @@ -1,86 +0,0 @@ -{{- if .Values.global.rbac.pspEnabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "tracing.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "tracing.fullname" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: - - policy - resourceNames: - - {{ include "tracing.fullname" . }} - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "tracing.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - allowPrivilegeEscalation: false - forbiddenSysctls: - - '*' - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - requiredDropCapabilities: - - ALL - runAsUser: - rule: MustRunAsNonRoot - runAsGroup: - rule: MustRunAs - ranges: - - min: 1 - max: 65535 - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - emptyDir - - secret - - persistentVolumeClaim -{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/pvc.yaml deleted file mode 100644 index 9b4c55e4f..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/pvc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.jaeger.persistentVolumeClaim.enabled }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: istio-jaeger-pvc - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} -spec: - storageClassName: {{ .Values.jaeger.storageClassName }} - accessModes: - - {{ .Values.jaeger.accessMode }} - resources: - requests: - storage: {{.Values.jaeger.persistentVolumeClaim.storage }} -{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/service.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/service.yaml deleted file mode 100644 index 4210a9b5f..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/service.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: tracing - namespace: {{ .Release.Namespace }} - annotations: - {{- range $key, $val := .Values.service.annotations }} - {{ $key }}: {{ $val | quote }} - {{- end }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: {{ .Values.service.type }} - ports: - - name: {{ .Values.service.name }} - port: {{ .Values.service.externalPort }} - protocol: TCP - targetPort: 16686 - selector: - app: {{ .Values.provider }} ---- -# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. -apiVersion: v1 -kind: Service -metadata: - name: zipkin - namespace: {{ .Release.Namespace }} - labels: - name: zipkin - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - ports: - - name: {{ .Values.service.name }} - port: {{ .Values.zipkin.queryPort }} - targetPort: {{ .Values.zipkin.queryPort }} - selector: - app: {{ .Values.provider }} ---- -apiVersion: v1 -kind: Service -metadata: - name: jaeger-collector - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.provider }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: ClusterIP - ports: - - name: jaeger-collector-http - port: 14268 - targetPort: 14268 - protocol: TCP - - name: jaeger-collector-grpc - port: 14250 - targetPort: 14250 - protocol: TCP - selector: - app: {{ .Values.provider }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/values.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/values.yaml deleted file mode 100644 index d01450233..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/values.yaml +++ /dev/null @@ -1,50 +0,0 @@ -provider: jaeger -contextPath: "" -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] -podAntiAffinityLabelSelector: [] -podAntiAffinityTermLabelSelector: [] -nameOverride: "" -fullnameOverride: "" - -global: - cattle: - systemDefaultRegistry: "" - defaultResources: {} - imagePullPolicy: IfNotPresent - imagePullSecrets: [] - arch: - amd64: 2 - s390x: 2 - ppc64le: 2 - defaultNodeSelector: - kubernetes.io/os: linux - rbac: - pspEnabled: false - -jaeger: - repository: rancher/mirrored-jaegertracing-all-in-one - tag: 1.32.0 - # spanStorageType value can be "memory" and "badger" for all-in-one image - spanStorageType: badger - resources: - requests: - cpu: 10m - persistentVolumeClaim: - enabled: false - storage: 5Gi - storageClassName: "" - accessMode: ReadWriteMany - memory: - max_traces: 50000 -zipkin: - queryPort: 9411 -service: - annotations: {} - name: http-query - type: ClusterIP - externalPort: 16686 diff --git a/charts/rancher-istio/100.2.0+up1.12.6/configs/istio-base.yaml b/charts/rancher-istio/100.2.0+up1.12.6/configs/istio-base.yaml deleted file mode 100644 index 4f676b778..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/configs/istio-base.yaml +++ /dev/null @@ -1,126 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - components: - base: - enabled: {{ .Values.base.enabled }} - cni: - enabled: {{ .Values.cni.enabled }} - k8s: - nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 12 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} -{{- if .Values.tolerations }} -{{- toYaml .Values.tolerations | nindent 12 }} -{{- end }} - egressGateways: - - enabled: {{ .Values.egressGateways.enabled }} - name: istio-egressgateway - k8s: - nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 12 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} -{{- if .Values.tolerations }} -{{- toYaml .Values.tolerations | nindent 12 }} -{{- end }} - ingressGateways: - - enabled: {{ .Values.ingressGateways.enabled }} - name: istio-ingressgateway - k8s: - nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 12 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} -{{- if .Values.tolerations }} -{{- toYaml .Values.tolerations | nindent 12 }} -{{- end }} - service: - ports: - - name: status-port - port: 15021 - targetPort: 15021 - - name: http2 - port: 80 - targetPort: 8080 - nodePort: 31380 - - name: https - port: 443 - targetPort: 8443 - nodePort: 31390 - - name: tcp - port: 31400 - targetPort: 31400 - nodePort: 31400 - - name: tls - port: 15443 - targetPort: 15443 - istiodRemote: - enabled: {{ .Values.istiodRemote.enabled }} - k8s: - nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 12 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} -{{- if .Values.tolerations }} -{{- toYaml .Values.tolerations | nindent 12 }} -{{- end }} - pilot: - enabled: {{ .Values.pilot.enabled }} - k8s: - nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 12 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} -{{- if .Values.tolerations }} -{{- toYaml .Values.tolerations | nindent 12 }} -{{- end }} - hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} - profile: default - tag: {{ .Values.tag }} - revision: {{ .Values.revision }} - meshConfig: - defaultConfig: - proxyMetadata: - {{- if .Values.dns.enabled }} - ISTIO_META_DNS_CAPTURE: "true" - {{- end }} - values: - gateways: - istio-egressgateway: - name: istio-egressgateway - type: {{ .Values.egressGateways.type }} - istio-ingressgateway: - name: istio-ingressgateway - type: {{ .Values.ingressGateways.type }} - global: - istioNamespace: {{ template "istio.namespace" . }} - proxy: - image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} - proxy_init: - image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} - {{- if .Values.global.defaultPodDisruptionBudget.enabled }} - defaultPodDisruptionBudget: - enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} - {{- end }} - {{- if .Values.pilot.enabled }} - pilot: - image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} - {{- end }} - telemetry: - enabled: {{ .Values.telemetry.enabled }} - v2: - enabled: {{ .Values.telemetry.v2.enabled }} - {{- if .Values.cni.enabled }} - cni: - image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} - excludeNamespaces: - {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} - logLevel: {{ .Values.cni.logLevel }} - {{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/requirements.yaml b/charts/rancher-istio/100.2.0+up1.12.6/requirements.yaml deleted file mode 100644 index 943a08326..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/requirements.yaml +++ /dev/null @@ -1,7 +0,0 @@ -dependencies: -- condition: kiali.enabled - name: kiali - repository: file://./charts/kiali -- condition: tracing.enabled - name: tracing - repository: file://./charts/tracing diff --git a/charts/rancher-istio/100.2.0+up1.12.6/samples/overlay-example.yaml b/charts/rancher-istio/100.2.0+up1.12.6/samples/overlay-example.yaml deleted file mode 100644 index 5cf3cf3b0..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/samples/overlay-example.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - components: - ingressGateways: - - enabled: true - name: ilb-gateway - namespace: user-ingressgateway-ns - k8s: - resources: - requests: - cpu: 200m - service: - ports: - - name: tcp-citadel-grpc-tls - port: 8060 - targetPort: 8060 - - name: tcp-dns - port: 5353 - serviceAnnotations: - cloud.google.com/load-balancer-type: internal - - enabled: true - name: other-gateway - namespace: cattle-istio-system - k8s: - resources: - requests: - cpu: 200m - service: - ports: - - name: tcp-citadel-grpc-tls - port: 8060 - targetPort: 8060 - - name: tcp-dns - port: 5353 - serviceAnnotations: - cloud.google.com/load-balancer-type: internal diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/_helpers.tpl b/charts/rancher-istio/100.2.0+up1.12.6/templates/_helpers.tpl deleted file mode 100644 index 30b429a80..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/_helpers.tpl +++ /dev/null @@ -1,27 +0,0 @@ -{{/* Ensure namespace is set the same everywhere */}} -{{- define "istio.namespace" -}} - {{- .Release.Namespace | default "istio-system" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/admin-role.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/admin-role.yaml deleted file mode 100644 index ad1313c4f..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/admin-role.yaml +++ /dev/null @@ -1,43 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - name: istio-admin - namespace: {{ template "istio.namespace" . }} -rules: - - apiGroups: - - config.istio.io - resources: - - adapters - - attributemanifests - - handlers - - httpapispecbindings - - httpapispecs - - instances - - quotaspecbindings - - quotaspecs - - rules - - templates - verbs: ["get", "watch", "list"] - - apiGroups: - - networking.istio.io - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - - workloadentries - verbs: - - '*' - - apiGroups: - - security.istio.io - resources: - - authorizationpolicies - - peerauthentications - - requestauthentications - verbs: - - '*' diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/base-config-map.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/base-config-map.yaml deleted file mode 100644 index 5323917bc..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/base-config-map.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-installer-base - namespace: {{ template "istio.namespace" . }} -data: -{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrole.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrole.yaml deleted file mode 100644 index 8eeb78758..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrole.yaml +++ /dev/null @@ -1,126 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-installer -rules: -# istio groups -- apiGroups: - - authentication.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - config.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - install.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - rbac.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - security.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - telemetry.istio.io - resources: - - '*' - verbs: - - '*' -# k8s groups -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - '*' -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions.apiextensions.k8s.io - - customresourcedefinitions - verbs: - - '*' -- apiGroups: - - apps - - extensions - resources: - - daemonsets - - deployments - - deployments/finalizers - - ingresses - - replicasets - - statefulsets - verbs: - - '*' -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - '*' -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - roles - - rolebindings - verbs: - - '*' -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - namespaces - - pods - - pods/exec - - persistentvolumeclaims - - secrets - - services - - serviceaccounts - verbs: - - '*' -- apiGroups: - - policy - resourceNames: - - istio-installer - resources: - - podsecuritypolicies - verbs: - - use diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrolebinding.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrolebinding.yaml deleted file mode 100644 index 9d74a0434..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: istio-installer -subjects: -- kind: ServiceAccount - name: istio-installer - namespace: {{ template "istio.namespace" . }} -roleRef: - kind: ClusterRole - name: istio-installer - apiGroup: rbac.authorization.k8s.io diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/edit-role.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/edit-role.yaml deleted file mode 100644 index d1059d58d..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/edit-role.yaml +++ /dev/null @@ -1,43 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - namespace: {{ template "istio.namespace" . }} - name: istio-edit -rules: - - apiGroups: - - config.istio.io - resources: - - adapters - - attributemanifests - - handlers - - httpapispecbindings - - httpapispecs - - instances - - quotaspecbindings - - quotaspecs - - rules - - templates - verbs: ["get", "watch", "list"] - - apiGroups: - - networking.istio.io - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - - workloadentries - verbs: - - '*' - - apiGroups: - - security.istio.io - resources: - - authorizationpolicies - - peerauthentications - - requestauthentications - verbs: - - '*' diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-cni-psp.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-cni-psp.yaml deleted file mode 100644 index 5b94c8503..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-cni-psp.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if .Values.global.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: psp-istio-cni - namespace: {{ template "istio.namespace" . }} -spec: - allowPrivilegeEscalation: true - fsGroup: - rule: RunAsAny - hostNetwork: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - secret - - configMap - - emptyDir - - hostPath ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: psp-istio-cni - namespace: {{ template "istio.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: psp-istio-cni -subjects: - - kind: ServiceAccount - name: istio-cni ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: psp-istio-cni - namespace: {{ template "istio.namespace" . }} -rules: -- apiGroups: - - policy - resourceNames: - - psp-istio-cni - resources: - - podsecuritypolicies - verbs: - - use -{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-job.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-job.yaml deleted file mode 100644 index c2e362e68..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-job.yaml +++ /dev/null @@ -1,66 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: istioctl-installer - namespace: {{ template "istio.namespace" . }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - backoffLimit: 1 - template: - spec: - {{- if .Values.installer.releaseMirror.enabled }} - hostAliases: - - ip: "127.0.0.1" - hostnames: - - "github.com" - {{- end }} - containers: - - name: istioctl-installer - image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} - env: - - name: RELEASE_NAME - value: {{ .Release.Name }} - - name: ISTIO_NAMESPACE - value: {{ template "istio.namespace" . }} - - name: FORCE_INSTALL - value: {{ .Values.forceInstall | default "false" | quote }} - - name: RELEASE_MIRROR_ENABLED - value: {{ .Values.installer.releaseMirror.enabled | quote }} - - name: SECONDS_SLEEP - value: {{ .Values.installer.debug.secondsSleep | quote}} - command: ["/bin/sh","-c"] - args: ["/usr/local/app/scripts/run.sh"] - volumeMounts: - - name: config-volume - mountPath: /app/istio-base.yaml - subPath: istio-base.yaml - {{- if .Values.overlayFile }} - - name: overlay-volume - mountPath: /app/overlay-config.yaml - subPath: overlay-config.yaml - {{- end }} - volumes: - - name: config-volume - configMap: - name: istio-installer-base - {{- if .Values.overlayFile }} - - name: overlay-volume - configMap: - name: istio-installer-overlay - {{- end }} - serviceAccountName: istio-installer - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - securityContext: - runAsUser: 499 - runAsGroup: 487 - restartPolicy: Never diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-psp.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-psp.yaml deleted file mode 100644 index f0b5ee565..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-psp.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if .Values.global.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: istio-installer - namespace: {{ template "istio.namespace" . }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'configMap' - - 'secret' -{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-psp.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-psp.yaml deleted file mode 100644 index b3758b74f..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-psp.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if .Values.global.rbac.pspEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istio-psp - namespace: {{ template "istio.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istio-psp -subjects: - - kind: ServiceAccount - name: istio-egressgateway-service-account - - kind: ServiceAccount - name: istio-ingressgateway-service-account - - kind: ServiceAccount - name: istio-mixer-service-account - - kind: ServiceAccount - name: istio-operator-authproxy - - kind: ServiceAccount - name: istiod-service-account - - kind: ServiceAccount - name: istio-sidecar-injector-service-account - - kind: ServiceAccount - name: istiocoredns-service-account - - kind: ServiceAccount - name: default ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istio-psp - namespace: {{ template "istio.namespace" . }} -rules: -- apiGroups: - - policy - resourceNames: - - istio-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: istio-psp - namespace: {{ template "istio.namespace" . }} -spec: - allowPrivilegeEscalation: false - forbiddenSysctls: - - '*' - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - requiredDropCapabilities: - - ALL - runAsUser: - rule: MustRunAsNonRoot - runAsGroup: - rule: MustRunAs - ranges: - - min: 1 - max: 65535 - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI - - persistentVolumeClaim -{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-uninstall-job.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-uninstall-job.yaml deleted file mode 100644 index 0091d0c17..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-uninstall-job.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: istioctl-uninstaller - namespace: {{ template "istio.namespace" . }} - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - spec: - containers: - - name: istioctl-uninstaller - image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} - env: - - name: RELEASE_NAME - value: {{ .Release.Name }} - - name: ISTIO_NAMESPACE - value: {{ template "istio.namespace" . }} - command: ["/bin/sh","-c"] - args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] - volumeMounts: - - name: config-volume - mountPath: /app/istio-base.yaml - subPath: istio-base.yaml - {{- if .Values.overlayFile }} - - name: overlay-volume - mountPath: /app/overlay-config.yaml - subPath: overlay-config.yaml - {{ end }} - volumes: - - name: config-volume - configMap: - name: istio-installer-base - {{- if .Values.overlayFile }} - - name: overlay-volume - configMap: - name: istio-installer-overlay - {{ end }} - serviceAccountName: istio-installer - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - securityContext: - runAsUser: 101 - runAsGroup: 101 - restartPolicy: OnFailure diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/overlay-config-map.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/overlay-config-map.yaml deleted file mode 100644 index 287d26b2c..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/overlay-config-map.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.overlayFile }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-installer-overlay - namespace: {{ template "istio.namespace" . }} -data: - overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} -{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/service-monitors.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/service-monitors.yaml deleted file mode 100644 index c3d60c4fc..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/service-monitors.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if .Values.kiali.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: envoy-stats-monitor - namespace: {{ template "istio.namespace" . }} - labels: - monitoring: istio-proxies -spec: - selector: - matchExpressions: - - {key: istio-prometheus-ignore, operator: DoesNotExist} - namespaceSelector: - any: true - jobLabel: envoy-stats - endpoints: - - path: /stats/prometheus - targetPort: 15090 - interval: 15s - relabelings: - - sourceLabels: [__meta_kubernetes_pod_container_port_name] - action: keep - regex: '.*-envoy-prom' - - action: labeldrop - regex: "__meta_kubernetes_pod_label_(.+)" - - sourceLabels: [__meta_kubernetes_namespace] - action: replace - targetLabel: namespace - - sourceLabels: [__meta_kubernetes_pod_name] - action: replace - targetLabel: pod_name ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: istio-component-monitor - namespace: {{ template "istio.namespace" . }} - labels: - monitoring: istio-components -spec: - jobLabel: istio - targetLabels: [app] - selector: - matchExpressions: - - {key: istio, operator: In, values: [pilot]} - namespaceSelector: - any: true - endpoints: - - port: http-monitoring - interval: 15s -{{- end -}} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/serviceaccount.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/serviceaccount.yaml deleted file mode 100644 index 82b6cbb7e..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-installer - namespace: {{ template "istio.namespace" . }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/view-role.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/view-role.yaml deleted file mode 100644 index 5947d3eba..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/templates/view-role.yaml +++ /dev/null @@ -1,41 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - namespace: {{ template "istio.namespace" . }} - name: istio-view -rules: - - apiGroups: - - config.istio.io - resources: - - adapters - - attributemanifests - - handlers - - httpapispecbindings - - httpapispecs - - instances - - quotaspecbindings - - quotaspecs - - rules - - templates - verbs: ["get", "watch", "list"] - - apiGroups: - - networking.istio.io - resources: - - destinationrules - - envoyfilters - - gateways - - serviceentries - - sidecars - - virtualservices - - workloadentries - verbs: ["get", "watch", "list"] - - apiGroups: - - security.istio.io - resources: - - authorizationpolicies - - peerauthentications - - requestauthentications - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-istio/100.2.0+up1.12.6/values.yaml b/charts/rancher-istio/100.2.0+up1.12.6/values.yaml deleted file mode 100644 index a002f87ac..000000000 --- a/charts/rancher-istio/100.2.0+up1.12.6/values.yaml +++ /dev/null @@ -1,98 +0,0 @@ -overlayFile: "" -tag: 1.12.6 -##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install -forceInstall: false - -installer: - repository: rancher/istio-installer - tag: 1.12.6-rancher1 - ##releaseMirror are configurations for istio upgrades. - ##Setting releaseMirror.enabled: true will cause istio to use bundled in images from rancher/istio-installer to perfom an upgrade - this is ideal - ##for airgap setups. Setting releaseMirror.enabled to false means istio will call externally to github to fetch the required assets. - releaseMirror: - enabled: false - - ##Set the secondsSleep to run a sleep command `sleep s` to allow time to exec into istio-installer pod for debugging - debug: - secondsSleep: 0 - -##Native support for dns added in 1.8 -dns: - enabled: false - -base: - enabled: true - -cni: - enabled: false - repository: rancher/mirrored-istio-install-cni - tag: 1.12.6 - logLevel: info - excludeNamespaces: - - istio-system - - kube-system - -egressGateways: - enabled: false - type: NodePort - -ingressGateways: - enabled: true - type: NodePort - -istiodRemote: - enabled: false - -pilot: - enabled: true - repository: rancher/mirrored-istio-pilot - tag: 1.12.6 - -telemetry: - enabled: true - v2: - enabled: true - -global: - cattle: - systemDefaultRegistry: "" - proxy: - repository: rancher/mirrored-istio-proxyv2 - tag: 1.12.6 - proxy_init: - repository: rancher/mirrored-istio-proxyv2 - tag: 1.12.6 - defaultPodDisruptionBudget: - enabled: true - rbac: - pspEnabled: true - -# Kiali subchart from rancher-kiali-server -kiali: - enabled: true - auth: - strategy: anonymous - deployment: - ingress_enabled: false - external_services: - prometheus: - custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" - url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" - tracing: - in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" - use_grpc: false - grafana: - in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" - url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" - -tracing: - enabled: false - contextPath: "/jaeger" - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] diff --git a/index.yaml b/index.yaml index 327955a0d..49033856f 100755 --- a/index.yaml +++ b/index.yaml @@ -3443,41 +3443,6 @@ entries: - assets/rancher-grafana/rancher-grafana-6.6.401.tgz version: 6.6.401 rancher-istio: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/kube-version: 1.19 - 1.22 - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.99-0' - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requests-cpu: 710m - catalog.cattle.io/requests-memory: 2314Mi - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: istio - catalog.cattle.io/upstream-version: 1.12.6 - apiVersion: v1 - appVersion: 1.12.6 - created: "2022-04-07T22:29:18.263230967+05:30" - dependencies: - - condition: kiali.enabled - name: kiali - repository: file://./charts/kiali - - condition: tracing.enabled - name: tracing - repository: file://./charts/tracing - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. - digest: 0bb736a0fdb0901b356f9222b9ebde3ffbebf07a26e7f649bf91afddb4d76a5b - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - assets/rancher-istio/rancher-istio-100.2.0+up1.12.6.tgz - version: 100.2.0+up1.12.6 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio From 8a85b92d7f99cba471f28fde49afb6a0397487d4 Mon Sep 17 00:00:00 2001 From: Vaishnav Gaikwad Date: Thu, 14 Apr 2022 17:42:51 +0530 Subject: [PATCH 3/3] make charts --- .../rancher-istio-100.2.0+up1.12.6.tgz | Bin 0 -> 18494 bytes .../rancher-istio/100.2.0+up1.12.6/Chart.yaml | 24 +++ .../rancher-istio/100.2.0+up1.12.6/README.md | 79 +++++++ .../100.2.0+up1.12.6/app-readme.md | 43 ++++ .../100.2.0+up1.12.6/charts/kiali/Chart.yaml | 29 +++ .../charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 203 ++++++++++++++++++ .../charts/kiali/templates/cabundle.yaml | 13 ++ .../charts/kiali/templates/configmap.yaml | 26 +++ .../charts/kiali/templates/deployment.yaml | 193 +++++++++++++++++ .../charts/kiali/templates/hpa.yaml | 17 ++ .../charts/kiali/templates/ingress.yaml | 62 ++++++ .../charts/kiali/templates/oauth.yaml | 17 ++ .../charts/kiali/templates/psp.yaml | 67 ++++++ .../kiali/templates/role-controlplane.yaml | 30 +++ .../charts/kiali/templates/role-viewer.yaml | 89 ++++++++ .../charts/kiali/templates/role.yaml | 99 +++++++++ .../templates/rolebinding-controlplane.yaml | 17 ++ .../charts/kiali/templates/rolebinding.yaml | 20 ++ .../charts/kiali/templates/route.yaml | 34 +++ .../charts/kiali/templates/service.yaml | 45 ++++ .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/web-root-configmap.yaml | 12 ++ .../100.2.0+up1.12.6/charts/kiali/values.yaml | 116 ++++++++++ .../charts/tracing/.helmignore | 23 ++ .../charts/tracing/Chart.yaml | 12 ++ .../100.2.0+up1.12.6/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 ++++++++ .../charts/tracing/templates/_helpers.tpl | 47 ++++ .../charts/tracing/templates/deployment.yaml | 94 ++++++++ .../charts/tracing/templates/psp.yaml | 86 ++++++++ .../charts/tracing/templates/pvc.yaml | 16 ++ .../charts/tracing/templates/service.yaml | 63 ++++++ .../charts/tracing/values.yaml | 50 +++++ .../100.2.0+up1.12.6/configs/istio-base.yaml | 126 +++++++++++ .../100.2.0+up1.12.6/requirements.yaml | 7 + .../samples/overlay-example.yaml | 37 ++++ .../100.2.0+up1.12.6/templates/_helpers.tpl | 27 +++ .../templates/admin-role.yaml | 43 ++++ .../templates/base-config-map.yaml | 7 + .../templates/clusterrole.yaml | 132 ++++++++++++ .../templates/clusterrolebinding.yaml | 12 ++ .../100.2.0+up1.12.6/templates/edit-role.yaml | 43 ++++ .../templates/istio-cni-psp.yaml | 51 +++++ .../templates/istio-install-job.yaml | 66 ++++++ .../templates/istio-install-psp.yaml | 30 +++ .../100.2.0+up1.12.6/templates/istio-psp.yaml | 81 +++++++ .../templates/istio-uninstall-job.yaml | 53 +++++ .../templates/overlay-config-map.yaml | 9 + .../templates/service-monitors.yaml | 51 +++++ .../templates/serviceaccount.yaml | 5 + .../100.2.0+up1.12.6/templates/view-role.yaml | 41 ++++ .../100.2.0+up1.12.6/values.yaml | 98 +++++++++ index.yaml | 35 +++ 54 files changed, 2691 insertions(+) create mode 100644 assets/rancher-istio/rancher-istio-100.2.0+up1.12.6.tgz create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/Chart.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/README.md create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/app-readme.md create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/Chart.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/NOTES.txt create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/_helpers.tpl create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/cabundle.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/configmap.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/deployment.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/hpa.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/ingress.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/oauth.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/psp.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-controlplane.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-viewer.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/route.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/service.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/serviceaccount.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/web-root-configmap.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/values.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/.helmignore create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/Chart.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/README.md create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_affinity.tpl create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_helpers.tpl create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/deployment.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/psp.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/pvc.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/service.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/values.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/configs/istio-base.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/requirements.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/samples/overlay-example.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/_helpers.tpl create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/admin-role.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/base-config-map.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrole.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/edit-role.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/istio-cni-psp.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-job.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-psp.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/istio-psp.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/istio-uninstall-job.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/overlay-config-map.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/service-monitors.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/serviceaccount.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/templates/view-role.yaml create mode 100644 charts/rancher-istio/100.2.0+up1.12.6/values.yaml diff --git a/assets/rancher-istio/rancher-istio-100.2.0+up1.12.6.tgz b/assets/rancher-istio/rancher-istio-100.2.0+up1.12.6.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7b1851fbc393b98da04a30e50729d1a048334f32 GIT binary patch literal 18494 zcmV)#K##v4iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMcjGp)C_10{D{$!9r`z5p_3*1(XEJwtx}C&3{qVJ&ql@RM0Uc;Q(n`X)G2}oiNBw$U{B9-)}4}TjL21$N&L>dVJ0WnKhPWe1IYv zXZMX?6OzuT;9g#8|Bl8XyW@?e&8o-&efIaSP~SiHyIvRlP5t@urPqDdT$@A$bE0uk zT462af6WLN+zXOyfKGbd<^kr#W@N_F`2h6~dWUamV_7jz$N&XV#sx_|!C2H-ETdk) zW(kW)EHsLn%OzZ-1kXw{*Y}SdoX{W4tJ|J~ljMg=iIDIhrHO!dr)Y#Z4HSJKPDGX< zF~tJWmx^43O(O0#EX#yR&megrM<6F0X)`t2H`6BFzZ8qfvxXGGn&{)@v{&!40fK zASI+%1o|85`N#e}!f~kT#7rO@<7oaHL35U+X6+kpg_4vqSnv9SQ|^6?BTgJgeMx*B&P_W94l%D5j+Nq&<-a7i$i`D5t7Ir(kw<8arhaq z*-X;V2lexBcG-#&Skh4ilL-s;hB3+}6UpO|`dh(iw>&^y z$JyC=hXuVQh-XQ{QlTox9N{oj^VjoVIH8iDDx-8pn3K|bNfV9}#I&JwGbPUei6rz& z1Mz~GmWkRyC}NX0HkOCOJsx;*xkjwOMhfGq!`8QaQJ3Mb1 z6+%kDc*jC=!BQcYV|yJKaYGdeLwHGMOpqqbB{X89si75c1a&LeaRiCTjEHpJ)aY%$ zLZxb+CJ`IqNQ=fIBAP@1QLo7uXOXxh6Ut?)l7AwUr0jmKimd{uEPdOD;^nD?FGCtr z@d%BD3e*c0zNS3QKpgu=7EXw08Z|=c2nXs*!jrQyN_Nn96h{>CYy`4ZiEVi|@|(v= zdP`CVel%elXJV>RDN-!RWIjMRX7PN+G7j)25u4AXSPG>yc@1lHXqeMb_DD5-1M+4> zOi8AHBNSv@u-Q<~KMnXWOQQjDrHnY}^0^_Ns=KddJ5vjyu0#G9hUWB`3p4ngli#WfZO4oMWM;Mic>y1-Ta&SWE}V&ByQT>;U^g5gw69?dozbz?{=bEQw8) zxFqA^@F3Y@8WTY{9CBH}I~gabH_2#7Ix!20$4Nv2xt==C&W(CHh> z1!7|)KO%u?EV$gE1dE6ye)L>#pd5Xd_lN%em6V)z9bF1e=;)`PANfF0mj4BrC2*+f z45uVYNXmVYY@8|6jgPMudvQW}dfa{q&O+_f4YQfxLq-1;ag zBkJrqKPt6Te%b*!8;4@p^3V;D0**^8yy!ZO^%(aX3J)6z95R5piZj;1COt z9Fe`4Pa=Y8~GwkoCEWvnxWQ6|U?$8=1%C_YVb97c9o zDLUeW@`MB<8izEVG=3{y!g)RpNb%;^j0xP>K>nq81tZRX&%8rABu`gu9R2 zJ1l~!{3D`VxIed{snC8eMO8?+pfSvF84wcRviX=sB|J{FdLVzHPi-U?DYYtd8j=88 z6>n)OGAZ4wLtg&gYq*LrBuw96NF9435#f8Lz@ti$`T|NG*G){ zF+1wgrs;D7oKL_0+xY(obK~cf(I&8j|9AVxRsMf+e6YR$eUhhgfu}h<%==rM zl=!>NoO5NWCkf@jTv|0L3nmeI?te`q!u@X|HbSnVIo{cGcl}eYAVEI*9nn~>a@3dg zzckkVb)L5Mua75>A^jh1U?_2mBN{F&vy?s)YEgR|BX{5^AbL)5R7BoPg8 z-Vhg9kZ~627b`4q#seIwTiXhZz_?f}aFnpnlvH3WYqz**@B@|-#{GcJ>OJTKh%Q}e zctV7liV3e$VP0=EVPTlx%8lSwZWWMQ*>wX!6}!20q%6JHvs3!ZD!U9AxcaR2 z3aev=4Rys~!l)q_a+}jmE*)}%j^d9FxhH}8CATRqNGxtyl+8#GVLIc652ZOh6-UJU z2Mz+3#VaATHbk9Iprh@gwz-8yZ!=r9l{_A&- zPL8(n-%~s_vF;ygwpUjQE*ArNHu{AG0t_ove^+Wi>_9kGJdpDV{H@|Cdx&QU9;L+RF=CHnr9M zZ?*qh?f-+GHvX>`RS;7z;hSmym-GLVewF{99CrI#{{IwDv+)eD@51s^a$9?oP=}<> zZEr*bHrv7l3$OHwx=@Fxx@4H}#LFq`!38oNwA5%0@{1Q>qO(NIU(;0UHaHkGI&19Mwp{<%lVZu-tH{wtGB1hbWeAGnf*g0t zfuX$l%W7-lAy`amTLM#^zE7TIX6a?joXIDO{Nu$2Zz3ga;G~L`hBT9PlmiKLqV~g) zq$#-(mdf&Mq)N6Is_+KO>$Vx!y1*)snW9>|(GK0>f;EO=$*8L#Ef-z~rT!P14Lt-q zOL6lc0CX!(>-c#|wLW7UzBn<* zDUaxll*FWCM|4;Hft^Q}z3qB)mCr0^W zIenItI`+%+i&y0r7w4}nhx@YLN2zL_z0J4)ea$--Uos}1RrNo*oYCn#TcH1`Hu+4w z#qq=z_`wmPmvg!qz8|3DqoaePsy=J;=2C*g_i;3r0|V1rkmd`Nly-g(J^gi>iQz;=A!pCRLv?j zioVM9^dZ5+dFd6K(MFLQw=<*nBwfF{@yqoj_8@%7%5}r_d({`b9*uv2GtAm81uP|D z%-5-}l`W5WZLk4RuW@By_qNV;L3P|4%5>`td-;8ykx0fY9nml(@ztCMA}U#gS1@L2;X?S{ZUa{}}0h)dlVLIDNn4kGsEdOQkW845P zlm8A5PO9hs^cELP}6>;>X#Xg4R$$Fh{bTe zG^+oQPuu!88a3nTyva4dlJ(y|?AFeI{oXeI+mk$%^$!7?Z4*VC12p=`7w1K-YJICp zH82No3i7zXf*ZP8&W{k?GH*dg zY4+$OW+~aXqF26Vgui3r?4EM*$p-$a)DMp5xnsdEZ1hHgTpB+_E!OVvT4}4KdHC8X zV1VWXPA5cMuv83C@2LB-3vX#GNP3GS`A(Hf2_T2YlYC@KG5kj14E;15%4r!Ep)`jH z3y1k>cbKqL4CSEA2?_^F6MI8Qk_%fCaz8-N{5?;NNJ49_hD~_@BurVQlG_Xblpa3! z|8v(}7497KRY+5kL^v>q0);v~0ePK=Ag2i%3;HlsY6|vESC94&FzI?e+X~8iC>Bvc z!X`zKHDrl7oFqT5v)JsVbsq04MS^S);`jf&;tH#-Bv>a?ArdQoc*BaZBhY?nHvGk& zCHud=P}|H1V43{iJE_J0I_YiWKRn6PDB)KwO>JJ(ZprmfKJ=wWzJ30(VEx}xa`$BM z9}a8rpO5?7^Z%1PUpD@Oq_Rhf{~(*%#(&txe^_(Se}rHV?LdFN^R4c^$nBB#Qa-I5S z?Ck6)ETGpUA#q4zSm7S3r>jy!K`cc~Oi79^a zE0MJinIdJeF_XA}PW8>X^Wnn>2QX@yD>wDGh^aw$*tjF6q*Gq&(9_?Mr+lDQwqli| z$BWDP0cAgG2;Z9G-nx_Wn2`WE7kIxpLu}-y`eP? z=s72(>AlLAqta~IA9j6otuthfh)TjKd$$6lqL`=@IU|DbEv6A3MMM%UOGBM@Gi3=$ zqd6L7GzuFgjVUW)00L5?;>dTLy}k1>j9h0)HDC$!>hiT311|;+g&;?#-Lys>o+A>& zVN60)q6Pv9Huv_N4`=XKfk8#xYVimXDx&JC3eWkjED1xELx+JCim%d$lrfE6JS72} z#Pm0UTz7zCrc^z87Nn4f5OUw<%j7lY(-FgI=t{Jj#IUZV5L0Sr5HfL;OmWWzibJPi zD7VOKxya#9l`R^l#N1-*VU_0tr)1zbp2}0`c<8?&0i5HU;b5v7LQ@RsJAnjnRAw!P zX%y6zCpeV@6jL%YDVGrDh}sr6x}tGFG-PrK7b$aL+SQ&#W0eKh zY%FTkg$z;+Pq9i+%t?7l%@!8!EBu+Jtfd2~xyG1AJ~}V8nM88Sic!XMQ1>BW+K1Bp z$yZ>$`~lrfNog95g4WMaTb-j&gaBJ>?=FgG}Kn){dcst_l^lN*xN(bm5su# zp>|b{Fz49}h(_TiM+8iYnJdFn^*mgFd6;4Od0h#fnRbOnlh#ZH*^sO=AOyn4IL%u0RTs<)6w_d;^A}70UW61@vk2+XQk;+wjpjC1 zM|0x|pf?INM77oe9IM49Qam2hU?1u9p|JWUDNd$_>FaZXj)Sd8RIQBy6o~?cB08f& zK_f>m7#JSXF%7Junw-`^h&)Sw0QhhiA{G<5BUS~7QgUm-?0J=A4p=N`oROT_EE_*e zeLnOY8$NQJo-bJ$!bYiRW?nLn3l`=-VG-Lo2w{QCSL&`o&Bz^&1)vNj)6ZLvEoOcN z-*n~>!4z-}Jj|TDi}rwYOm|XjEm2a1QJ(3{vu0pi5x7Z6n+Kv+Tb4xYsK_g>2t+gY zlngAA+(+N2B&dMoYn|HF(Y&}Q2fZ1FQ_X^Fk;?~^rIE?#sIhEqP+E*s8CfkmQ#tPU zwPk^4B#n{(rY##~rCMoWUcsIqL z3h7P#JtoHW5?G9Joeo%G9Kgzr5%mhPk^+CI%t={#Y?~p|(2CPw${4g5m@m|H*c09W z;+hlII6;dbSu{}^tYVhTi_#Qn>Dmaa`d3+El@*B+Sv9*4Dc4HX5Y1?ivV10;ibO-X z7TGD+0vDY5qsXJNC-*nqV_9?qd4O^d*M7}#M8{N%?@7wS4DRs@f&C}lh9dz}dp0+Le;oC*?lc2UTJ44kfv3L_+fq%#^51CtFVY-v(Hfiq~n zlNKPt2kw791z=exP-s#fQwO-@{^z)NQi=c9J3Khv-v2zwlk5M~spLQNX zANhsg(081#ncR^<$uef?OrIZPG?j>Ag-ViOk)>q6075dapCo%M@TD0H7&`&u)Gs=> zegD2gVntl?*HLHJm;1?&IE~@j%R}Eo&_|#YxkYdVm6+lfi93d7G-jz$C~@?h_!EC0 z_55T1UP9CJU;6jEa1x6N;({awrA$sd#Zfdzf^dm=IK)Z9m8aj(M^}XCWq@?#NmL$J zz9!(lO{lSPBC@2TD|B{YngQgH2uvfbef|y<)aRg})@O=Snoe*ckEdtxElpXhw9$Ke zr*NmoQn{|i^d9t9BSPT3V={Xi)km>zGz4(A({69D7-NL38T~XR>BG=@aM) zC>U~6B3V};Na*fM0B~MMNotU3UiHxi+dfLOxcP=dwg}2m)2M9DXqHsuR>>KP(S4ZR zgfvB7f;zW2?W9>;#IZ;J`+p-&w8nI-C2izk>^OQ09ZP z$uc_VzwDKl5ipC_*5#F^3Zo>?FRf924}HoJ8%qwjuL(xoJ%kVrKps5cq+lBOP;Vhu z-XOJhz|K`Iiqng8HI*N9kcbcE%kaDnA1!2(uv?HgARV=$ItGYNsX6Vv+i@JNe3i>B z$kLR=Lh^?!j%(K?=x<-4o`2%st9ui3vooWU6bm_|IU@J6WIS1n1;Lh%(z>(CcPU`U z1jUlHN}E&VRAWXYBy$%<8>DDd!7Lk9M*=`bp<2@yLv%6~h!di2bvWX5Mk6d6P)ApN zCp2bR9HL{mcw%Fe#hM&Q*hWlqs4oAHN^SI3tBjx~{O1*mMam*{5#gBRK}}G?!Xk=^ zdgU2x4bZ)R@86@45yg7pe#ue>=9frN&guxXmbvCocU|aI%g6_9TyO z`&ms>oZrT4!%vVXjGUc2hZO!I%1BO9jWL(gGF~Y(I8aq32!0ULMOA{B*2CuCys!cj zY~X<3>#yX2?=5k`uQylnbKlSnzY)lqAASwSvLpUN5LH~eZ?uV~@zrUXjdIEQ#I#1s z+fLl)m^d9taFv;>6kR-Z8oi|N{Ri3)?Rd5n|jf$e3W=ppALElrEhjGyrGxF!-Mv2svk?;ylm=51W7|D z2ff2?`)KN4?S9JN@_wSG!Ss$64X603;%8ox850Y)O1s>41N_Wu5nN6e%?1?MPQz!N zhG{k`;auH^yjH5mOC2`NPL&g~;D)3=Wv*%qD+sj?(ebF5pnUqPSu^S31@$yz|GFmBjxk&deN_U!s}`1;+|@YU(X_4k)&mP-_> zrY6xY((q|g+VfG9%w>`060r;+F;B=MNl$(+fNzo#ntN-MBpSM_iYIn|Dlm0vpzj{& zEtXGJ0p%vK`gEvlXt6z9U#V0nVjsL3(wK_JhXH#YGGUVRY@D_w8v!(}NyEEu?eC1QdmE}#jF=H%KZBD;m(x55zrLpy|_mtN^$Fn4| zqCb**c=4I@zaJk|*Z;}k@$q*3KgIL-`u}D6NFB7vIwV9RuY5MJ;y`3v5@$JCO72r% zI(pZ9_0>!8x##6@z(JA?P`}%qt)+w$LE;5e;E+V#BuxUZSsC=Ad%Q@4cHE-A^1`^O zwWEWhgDSMA)fnn}bP>x!f5O-#B5>&&F&ug$9N{=1si%%z5DF{C(bCxg%kTF239t|m z@k;)}+sS#X$@%>2zriP5@82D8g8%&Yzun$RHUDGp_@H;P<^NCdRPrzcSm20Fe6_6Q z9x#QxJC;VOUWD-h0_9=jSAC}7-sCoIiGpZ(t95RBRx8GMn6l1Np3_iAC%N|2`Zc5u z)D0=4NLr3?+;?!2SmDt8!$ZI8ghVAAfS0)|GL8{TNUUQ>nlv|HUsrO!W+VAiB@mix zQ)vew!H{iHZfw;{_J6q*c;TXpIpW#Kv!X=g&gEgQ97HrWR{hVo+O>UW%JOTNvPqCy z>`G*(fgEFDx_#%Xf^ruIlgU_A>qtD$Fc&24h$)#7!#%j9s-Qz>6ZK*ku?ZW>l2d|1 zKZz&K4VmAuG=y`93M}a%b95+z5Xq16IK^C~Ss=2MI5SL(>>M5_)?3#QA6ixdkonM?ToX+k#$27!_gmh2c}1kf2l zcT+5s!SN-_1VP_lzR9OY$Io$gPzq+pv9|OqT)R+!<7WaX4|in;%QAtmKxr03`_HLB zcPxuSXD2rry~9+Pz$$uwRh_GtJb73Fi7{F1eL~_ZIXpRoOu1VjDo~c}LZA-LW`xBA zhR1WCr6j~c!(;(0n6raIF1 zz$!?M@_>a)7KDRy~RWlRiNKDBWAa(0{@bfr8?b@YH4ozcL;&#O!A z&4p8fw28j)+7qFD0J6W_4jB;VcaU}IY7KenyG#sFhpY#u)PW{_Zr$TG7B4kBP;Q&0u&ESec zRc8RIWkb&i*+-+yd^Q0mbQoK3V@XIlqbeM=u7SucN#|k;K^A0>x$|3~4cF!LsBX;! z)S3=(ta>-DaSDQ5SAsMF&{0GRRO(2T?%tl1tBU{@#;bj((_KKmv@ry%(pN<>lhpE2 zUuUt<{(FdHLG=qI91d01MLs}3{j5`<4{<~>C;6*H-&^B^4s+4M#hG9{z!8lno!kD1 z2;5h9(xCfMUBKPYFr*X0g{BRO1eZ^7|LE97bgYXQlYJ>WBlT5I$rL>g8G85r8YL+i z(|ff<6|V&W7bEw-+}(go?qm?r8-m>1o`3Mtg#cuQ==f`f=jx1z<(ZG%3palqsVg*>#$%@5N}fI(Qxb(moqo4_>~(uyw}0I`8gvf_-J}2Mo(#HO zO*)`aPKR>Q50Kk~xUVcELtdE8fFTD^a&b5<-j?tK{xVd|hb1(*id-TZV6KvwRuoWG z)e|V4++KI)=BS$ip}EJ0Z>dHBFrY!TK<^v)t|+O7TCM)NPcS%)rV50u;uC4(K#fT^gIyG|{_#-Ly)dFU{WjH>bwb_|VYxxbb64#%M( ziG^fk3J*I0Nd-9G0mn~LdW!`a-jKO|srO&)Z9E)DSf#g+_2j;b1>r->Q+Y_^P`+h4 zd1FntX%@Ysq5@;t5LZ96FCX^uM77$vkj9gy!A5LCj=kx#4IL0d{gcWAQ{gb@FVaPIA6e z*v;&qD-cxXx!|IQb`IiS?(%Bf(v>d=RBSkrs`FxgQ=t8b4ts~kWjCV3mj_3O2i=3d z($I*=B-?BL5!k8ElP_tLuZ) zT%n3SefqfwUr?wtX>0|3`>C3YR=xi8>1T-gQD_QqI7gg;W9@T!dKswW%U4#{I+yLw z`$#wVRjqaPSp#U-wP4=;mu506t^eVaL}ua!qslndH-ek4+? zi36x4(D4B%U5Y@=Tr!^TilD=?7J}0R2gL>m+*Xj2=UQ9w`rVZ*3t`I=66``)3r=TQ zq*Ocv-CdJAOb3QIB#Z)Occ`d^!6fF>%q%;;|t%b9xa4LDKOpNk@zmIOF9}Zent0l@D0VX-HBME*q^e znk`XK!z`6LHAPn~2Q;vtlG0iD1^k|c9j|fn)v-yb50(uP3aJ53Ni_5MRBeuBmzgFa z@KxH(#9Sn{mNyEIH@YvVm@D5bL*+863Vnd(2UC}}eur!^I*V`O7qQ*JuBQNeaX zZ!}jO8Oh6NPa7*GI29fn7dn*MJm$_$E6rpT%Z4=ms*M9+RSv$Y$c1?+$*oM0=4mYW zsb5qpkSQxZj~Khj66E3};ho!_i`>_F0k=uu&HLSjHtT4zuc~bxp0{<*zt=HMEMRsU z+cMk~X6gBa2=x59UCB3kM7=C_VIVDyxVsj?6zHpP_9Z~n>$NcS*LfroJ1Qz@We{j( zj7kRGkogLH%_wtxOOw;c=32_ucdZ2l>swul}rubbpL%rkmMt?^}pm$p~T>X#H zE;SCbQU(>EN`kZGg=#^!a76_6kHSu29|-JFeA&g{2Z!<#=AY8HZIqnk&n(OD1jirDcH@VFgF;5bPQoDtMzXwhV~UiCA>&@ zbVzHz&d))#Xh20YNBZKIARMcN1?9H#1Tqhsvqm3t zdlk0tVtNs;&nH3TePlLSPoAN!am#o0jT~aNs&(pKz23&WwitA)hkC=nbl?H)wa^@O zq^{lTxN9{~Qf;|ztLDnfiQ-2ZhwP5$fsmEuTNvi#ATW)EPJ$R`_bTx6z9WmMpr`7! z9fw6{u!|T5J+?M_NZCQyo+7UCQW)sE@&y@>NgxKu zeaEhJ|E{tW1nvC*xo5v-IC86)X#}H)t|Lp8l?;WairvzezJvLa&r0`y0al6k*7OBf zcK?5LSjqpT59;_J)xX} z9!A#KOOz|zi(ny#ssUW}+B7+nMnvE;0%-gT2}BNK?jh&w+!kNz6W zECrMri3zOMGM_onS8SI1o79jdQ92>9l<`QY;GSv6A|XXlrKJpTw2#Iqo8`D{hf~LX zvkx)Pn`x<5&M#>u%A?X(!B1&R0q~TCGLA3T^EwBa6+tXDt zmDsS|#;brf3^!adtk!m2fxWDYdW}UrSvPXXE#33A^wWATxTu$wBd?UD%E#=MPFFpp zFM>g@aJRVPYw4_Z6 zEB`&oQ=LVpsR(Hhgc=gwABk_ zd$Y{*N=UNqDHe1Om%NMncindEBa{b-u{;LRgzXzQ-BrlMn!|_Did}Ivf-xM#()(x! z?{{k~qy@vO`>Y}>EVTOgN`A}xU9pwgeAgzW9jdxlbWsbwU1U*oWw}nG+-7Y;9@?N+ z@Fsr=v@3#dd$kwk<=a#3>h7#UIi+T5{JasSJbPr`g=ZoryK99^E^k&v7U(Ib*N`3sOhcRd_uHrHm>pQ1`3+++As29ui-j3Fbysna0bSx#3YsK_a=?!10w4ruDKM3=2kQ3FBubG(}*ZiDTQN%Vp)93-?8`-yn#y}D-jXR0>cTdri;nx z^`d19(OZX^HSk&9XnV7hz<9dcLjbDmX$G*D-Iv{k`@g~~jS1%$DI1j{NJ?0~A)*|6 zGQncHfEeq?o(?JnIGorU-I|W~K3P^lgXAP&XuFros z8@@Yzdv-8~ytI<=fNi=2jPb5UJP^tqotFzdaj%eSY@l^_qRu;-s{8b#?mo z;?3FR@bdJ!HX+M;u|unrI=E#~HY0DPBwIb%6>Pi~j;e`+=Q}26k-ahTY^3I&#JB!0 zHgliJUez~igVrr{D#aV<-h1esvAvr&!_m0$*QaCU9!ZIrG<8H$v3~n`D3S#|s4^Rj zp}1*ZG!9*=eCTUE0F!l z#o~urcDyAc)PnW4c(n!Q2F+%}i9%oH17{|ko0~;+^ zMV&SXk6~+TxBVdH0RUHD^34*2-M+dVTAinWdc(s?zftX}DtcI^!yAZ5%B&VgwPVf3 z1XjUUeNHPg(XhU)_+2YNy)l2?ocOD4+HU)zS~xF9cti`gv=T%mZ3+v?X=6j} zJ6pN2m3Oz5;7eFp&&|TMp_5HLI&d%xRS082H-S>MxiYA=7aJw$e1R5*WT>U;Trj3` z(#~r8C6G5rd%6VRQfSDfAeT$G0=>0b$e)$&|ECGwBn;LfZq-y`&JvrFs|9O(YE^?Mvr$xzWRy%+f8DjjK7b>bzuXC$&QK${9z0@5rlJR$=3?8T*1 z;;H_=1Sf003D#Jxg%fWu=X_B0nx{;oSM28gHp_=rigaFtCTg$~S#7Krkok z2Iw|D2-9xj%5lV^&;%Cj`u(oo1)p-bR3_dC2R9@Rxv$$P2bi~$0OhWXol-w0`0~MF zuNr*$;6?xNY(&ylGmj;ff$cD_V-jaoUub*Mt}d~~6*5c2yeUrD_}4Jb z8P1gP#*R$E#@(!G`dmCF{R`ba-6T|84WXKh5*8F%C{T z!hv68Td5w9;j>)EETzA}8Ob_TtCf7oBJvL!hcupSu#yv=thi`X77?wQ!wLN+Wm&QS zPRFR}E?FL3;$cwnZ1f8WgceOzV^<}g0ZZ?v{2i){a78RW4f>Rr?d8bR15+m4R{kug zrM^83iju*NY&bMV)zAkeT&24j=>i!iHH;}}a&3&l(FK@1LQBdr{YemJPHxN1zsD>c zK@RP!IS)jnhxcsnnf%5TrD|~(F49Xz+%tSXK*vW%2ezH(jK+nxn4Gx*dYf@^nZ>8v zL3uLJ*C|WvZC!PI`sR(J4avXfCh1$P8Es>3N|vFl^;n19D+7tj1L5QijkEi5gV5M% zEQyV0NfHrxNW@V=jgN;R%P`9;EHU6094cPZR1v94>J6#2J(L@ncqn9d@f}XX(~EOe zP*NxtBo;qF)2|{-XVxbDrMZ0jv(o-AnX9MMVI~od9~cN~$^PH#A0Jir|Ncq8yWRhv z;(7W_$)=+kvt2b>$K%N9YSU{x!j!TN`b82zJMgZ(TcV#__viXHr%j*ATU$iAs0#DT z09c;ua8=0i9lUP3wQkQP124~V>MN`ARzS@}Ggv^8{NoObV7j&4_-xPW{Qs7cJCd$* z4qSHrJ3Ow%e>mFm|EGD@;Qy}_Gu&_+P~`MzOne1iocr%{CF#Xs!e}gbeje#WY_bwN zTA{Oivnra0KXmj7iCDc6MkM8$A*w(>j|Bn@DPgG?vs4PJ<#q!|g{2E}QEiai3lf6{ z(A`&gYnr+UF`2QL6OF{;a;G%d{5uy|kZ~6ARr!7esF8fxIJGH@e_^x6(oJ(3&x^GDkJv^NvR>LhhsStQx!?hVrNbLK!mT9NY2C?7t6n(?6LCxzkvdH z+5UgruigLjxBLIoJYQ=6-){VCZv5KZ;on9CXdUk(3j@vlJdIdTnT(J`#LUYRiw&)P z{#ywU51o%cv4FAi{y$QedF!Zwm)d_EpH%k$!~XHs|KmxXHTA!nU+w;Z)WA=8bzB;C zafjS`gZw#c$xBS;q3i!M=>K}%qw4za9UX1$zn5M?%nh6<6-m1epcH5O%lA%AbS!Wp-z0)xd*Vm<5>M<%ecr8nw=aW=lTksj=RfB zL6~7&&b=;Wwzl%N4`!ai!Q`XzvNUS*r&JxGPoD;z&O(pNH9U2z-l?AlutD=zjgfW1 zZuI?LEc$8kYf68ySh#4aXs?*%Ug!%N74yVMBH-cN7D};Nx-{%OQvLdI1WW)y5hOJk z$qqJO?HZDpXb1i4S1RUqTOyURtg>Rf`_@SJtM^+9c3;O{Ibl&dzg(1^XsNhvofyny zf{eR@aNAbZmTVhEz%RWM{(C+Tk^gkC*awS&%kKXUdNu!#{>k?K?@69z@}E&D|KY{J zEel!eS!w;>k&!3m8gIQs;LFzkaV`IM|Kw}h?R5&%zE0aP z%vQ-e5UmIxA3y@7PLi_wxmsG!{?8vq%hkC4MT!F&PdcyU&rKpfsAt*wKk0VM>%Vt= zyj}lK^Hg*v0Twu76SE2^>rBCS-HOFlFT(f$L7ZpntEMaYS$hzYaDepN=5iL70BZD9 z613*Rsakwm@nWc06K<7b;Uvj__WXms-*rO5gOnypfqsg9&1i6gBq<2=-tY36nQlESWHkzX3TdGx}H*wD2M1&Ny@@3fI7csID+x}=#q>{iUiBU z``z8$`M*Ga8gw}}NaY_Afoa5jN1t@{$Zjj+*mV9Eu78!ee`5x)?EbfVT+#pbPI|qq z{m+v;Ny=_%NYVjPWatDc#i35W<2pM#=p74*-kpIo6BZ)OIi181-*{(7(sdECvK$#P zWC8DFoTT0)qao>7q2MWtJI>CIQ;8n`Nw)Zga)HG1Li4+~y3tW?QRxczM;(IL?0cy-ar}WZMa)f54BGSSA z6fb+N@=;vs%%3`cZfM@-rsE$Wj$$?8=K1&?6BjArDynoXDXRn$A)E$N9ie&_9v==+ zUjcCNvU_iSBuQ|57!mbTcmK|w1*KvwO{C4`(-GF0a*H5ACgO>s2x*{FaqH}*Ig9Sh zXqvK=gkFj5c?COl5E6KjGdP5H5KnM?C0L3lj%bnb$_+#TU? zLQ)s#)MC+qD+g6u8X#4^YO1Y*s1RPHOAC^0fO=iI8#M;|7$7J}%D4c;tL_Hq=o{+f zKdtDPKm#}k26?Iv9N~o9XbhTyN`Gu6FwQgNC+B-gealAcb|4Tg!_y0lzFw7I2 zh~&Ytz>@v{s2=~Zci7+V|4;IK{MgycQxEANyDgh|z~X=;f_KUZla(akB`kzAFCDbk z(N-KG8Pk{`*G@{L?^o-2it?ycSxV!{RWK!C7SVWeK8acW`s|(r8OZE)ErH$SWlLk$ z#axm~S^Tj&yl87p_h=pWTT#;vbYq?!DWur(wy+4MXZJ};I4^F(QIYEpF0#whDn*4- z8Z9X`NonWY&YY=E0fSOVUKKayuQz1AkN$d#BQ*G`sz{NIqoyo!6M>#Xo!=3S#V+cW zOF{e?*>XLbeZvjvf>(dFu_XaC*}y7*HpoADkx~<0rGq9UlsmO5=vgphtK=_R3GoIu z3U@W!G}}1Y{GZ(nmO zQpHk+Z!JL@hva@A{gnzbvsd9Nlj^C%d--s;($bQvLH6h`U|D$?^Qw{Qt0HQ}l?&8Y zAu#V-9C0~No?I->zv&uI1b^W1`^A#G5ihm z?K`y-s=0hoW-DItRh<{qJ?J~xP<}A5^uFkKB+@Jn(D4EMNoQBtcuen+>(yaZ@V$a~ z4+s|-inA!17gt3HCka6AJ3kWDI+Pc(4><~sMkK(HMvBddtptbhjwy*kj&Mp)L}yee zA1X1W96cY+0T-{|UCFXEo*xlJ~I1@P@t;Idh@;LI_hS}9%q7qFJzJ{Z7am3aTb z-AZe!--poI;`Q+(m_=};%^cL6;xNpy16MAfMF*WfXdd{!Ba4hk#P0NKJ4di!=#Hf~ z5yK%z0m~v;6mccT7y@LR*e%xSr7g*^2VreN%5d$gXV=lfz(CiPFUWXI0x>}DJEr9* zxVkPx5cfrghMhoj9K z3y@`?n3bWcTlmS3P}bpO*|1g~+S1|a{;Cd9^5HZj0Z#K^WgQy-qL`$W;}9uVg&7f3 zlBtx4L5dSn%EeeOqZ#nDi!Mw)ZzfbedYdL`Nt2-{ zR+~2zXEV4G9w1jjp=Wb}2<$8Op9-MG1$V`FNPic2f8KGS4r@D;g1noPV6Y{^sm*cy{sa+1sL{_cAZR$+E*8+?}k^`?=Mfk zIU8R8^WvHjypzC3+(cGXzB zPE5)Sz%MKSDx_uF|9`(fyZq>wN>!%ay0PP;fkmqNmO9Nki-zQ8ss|I#^Od6dV&YOOC6dm^SNa5rlu)m$^>n%O zuy&rQr%G)VnNSlCs@TU_?KGZJY|Ho;sD9Y4-cZ)(xKv`{?u$^#)~*G%(m`$+c=nO9 z5jwj-D{vbuU@JRRZN;{THcb{`KB>}Io9URfwgdS>(TlQyRy}yhZQxWrpygxIRe@30 zI{M)i&wm?bfLwC^J2*P3$A9W?<3Bygvoed^+)40Hbx!=OaZ&$Nn0V~)s4atkP(sZW z+WS0-&Hh|7w_#Gx*1`T^a(Vu#rem8j^j{@qXemjkl@|0*m0 zhuv-d?=GVEBzvgRG*Q!;^sGbUU9NnGQP_-!3ur1bI zh;m1uj~`b;w=Vyv=03G&#r3~Y1i)qXKPUD0@BMB5|EGB#82it-A+Ne(8$L6SUEJS za^2G{V6R ziNk$#2UbJ~8;S#Lgt|Tdp@AutC*)eYNu`0uB#1|uZ3UU1dw5#<*XDq`%@rOt-48^+ z-p~UUsZRdj$FRD$Yd%w6%ZNN3Q_#LEdg0X8R{plS3R~Nqq)AY2_o&;{u6|o>clBwl z@&ASUzdt3>jDq{bCVR{>`TwXI|G#(A-R}QS^X#AtEaVOX_IqlsRVe*YMx#)2>jVck zctW`E?5GeYn!j_zrzDEdBw{0FK||xozFd4*&|3nxtk!!Rht3X)$wWm`d7h+XOz%mE z?x>ie|F!F*_i;2wEQXpABzc}j5siuO_^+>qSAwO)*+H+^Y{p{r!>cP4(v&;?go+OQ zSAp;NquBQOl z|D7H515PQ+I68lQ#vNbhx^sLQ65LV6Q}&DF-|~Qkr1NKRm0!62FV9Y2zdiG3;bwg- zJ^%N5)%Z{S?fL&{9wX8@&MCT7w4lwsN0^fku^1#bE%#XwHB`i;Qg9>&;go#EBvd2H zt~iR=9h$QYOn_6l@8dW`GZs_9QWR1yQaZ{63DJxODKjzDe8>4a+S_}_1R3n@q3bD; zK+(Vk!w94{9CuS1OiduB!lWKT*W_WDeDpmhFt(q{0iS+;z9=};E(%$Yfu0fi5)6ez xWn&~jFd0RYp77i0hc literal 0 HcmV?d00001 diff --git a/charts/rancher-istio/100.2.0+up1.12.6/Chart.yaml b/charts/rancher-istio/100.2.0+up1.12.6/Chart.yaml new file mode 100644 index 000000000..9df5a57fc --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/kube-version: 1.19 - 1.22 + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.99-0' + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: istio + catalog.cattle.io/upstream-version: 1.12.6 +apiVersion: v1 +appVersion: 1.12.6 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 100.2.0+up1.12.6 diff --git a/charts/rancher-istio/100.2.0+up1.12.6/README.md b/charts/rancher-istio/100.2.0+up1.12.6/README.md new file mode 100644 index 000000000..2230c6185 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/README.md @@ -0,0 +1,79 @@ +# Rancher-Istio Chart + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. + +See the app-readme for known issues and deprecations. + +## Installation Requirements + +#### Chart Dependencies +- rancher-monitoring chart or other Prometheus installation + +#### Install +To install the rancher-istio chart with helm, use the following command: +``` +helm install rancher-istio --create-namespace -n istio-system +``` + +#### Uninstall +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see chart dependencies for list of dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +**If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:** +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +## Addons +The addons that are included with rancher-istio are: + +- Kiali +- Jaeger + +Each addon has additional customization and dependencies required for them to work as expected. Use the values.yaml to customize or to enable/disable each addon. +### Kiali Addon + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Kiali Dependencies +##### rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +#### Prometheus Configuration for Kiali +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### Kiali External Services + +The external services that can be configured in Kiali are: Prometheus, Grafana and Tracing. + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger Addon + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. diff --git a/charts/rancher-istio/100.2.0+up1.12.6/app-readme.md b/charts/rancher-istio/100.2.0+up1.12.6/app-readme.md new file mode 100644 index 000000000..d5ebeedec --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/app-readme.md @@ -0,0 +1,43 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed system. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). +## Warnings +- Upgrading across more than two minor versions (e.g., 1.6.x to 1.9.x) in one step is not officially tested or recommended. See [Istio upgrade docs](https://istio.io/latest/docs/setup/upgrade/) for more details. + +## Known Issues + +#### Airgapped Environments +**A temporary fix has been added to this chart to allow upgrades to succeed in an airgapped environment. See [this issue](https://github.com/rancher/rancher/issues/30842) for details.** We are still advocating for an upstream fix in Istio to formally resolve this issue. The root cause is the Istio Operator upgrade command reaches out to an external repo on upgrades and the external repo is not configurable. We are tracking the fix for this issue [here](https://github.com/rancher/rancher/issues/33402) + +#### Installing Istio with CNI component enabled on RHEL 8.4 SElinux enabled cluster. +To install istio with CNI enabled, e.g. when cluster has a default PSP set to "restricted", on a cluster using nodes with RHEL 8.4 SElinux enabled, run the following command on each cluster node before creating a cluster. +`mkdir -p /var/run/istio-cni && semanage fcontext -a -t container_file_t /var/run/istio-cni && restorecon -v /var/run/istio-cni` +See [this issue](https://github.com/rancher/rancher/issues/33291) for details. + +## Deprecations + +#### v1alpha1 security policies +As of 1.6, Istio removed support for `v1alpha1` security policies resource and replaced the API with `v1beta1` authorization policies. https://istio.io/latest/docs/reference/config/security/authorization-policy/ + +If you are currently running rancher-istio <= 1.7.x, you need to migrate any existing `v1alpha1` security policies to `v1beta1` authorization policies prior to upgrading to the next minor version. + +> **Note:** If you attempt to upgrade prior to migrating your policy resources, you might see errors similar to: +``` +Error: found 6 CRD of unsupported v1alpha1 security policy +``` +``` + Error: found 1 unsupported v1alpha1 security policy + ``` + ``` + Control Plane - policy pod - istio-policy - version: x.x.x does not match the target version x.x.x + ``` + Continue with the migration steps below before retrying the upgrade process. + +#### Migrating Resources: +Migration steps can be found in this [istio blog post](https://istio.io/latest/blog/2021/migrate-alpha-policy/ "istio blog post"). + +You can also use these [quick steps](https://github.com/rancher/rancher/issues/34699#issuecomment-921995917 "quick steps") to determine if you need to follow the more extensive migration steps. diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/Chart.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/Chart.yaml new file mode 100644 index 000000000..06db4b772 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/Chart.yaml @@ -0,0 +1,29 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.44.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.44.0 diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/NOTES.txt b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/_helpers.tpl new file mode 100644 index 000000000..fac58a4b6 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/_helpers.tpl @@ -0,0 +1,203 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified instance name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +To simulate the way the operator works, use deployment.instance_name rather than the old fullnameOverride. +For backwards compatibility, if fullnameOverride is not kiali but deployment.instance_name is kiali, +use fullnameOverride, otherwise use deployment.instance_name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if (and (eq .Values.deployment.instance_name "kiali") (ne .Values.fullnameOverride "kiali")) }} + {{- .Values.fullnameOverride | trunc 63 }} +{{- else }} + {{- .Values.deployment.instance_name | trunc 63 }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: kiali +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +{{- $releaseName := .Release.Name -}} +{{- $fullName := include "kiali-server.fullname" . -}} +{{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace $fullName) -}} +app.kubernetes.io/name: kiali +{{- if (and .Release.IsUpgrade $deployment)}} +app.kubernetes.io/instance: {{ (get (($deployment).metadata.labels) "app.kubernetes.io/instance") | default $fullName }} +{{- else }} +app.kubernetes.io/instance: {{ $fullName }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- if (eq .Values.server.web_root "/") }} + {{- .Values.server.web_root }} + {{- else }} + {{- .Values.server.web_root | trimSuffix "/" }} + {{- end }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default deployment.ingress.enabled. Disable it on k8s; enable it on OpenShift. +*/}} +{{- define "kiali-server.deployment.ingress.enabled" -}} +{{- if hasKey .Values.deployment.ingress "enabled" }} + {{- .Values.deployment.ingress.enabled }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- true }} + {{- else }} + {{- false }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the root namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.external_services.istio.root_namespace" -}} +{{- if .Values.external_services.istio.root_namespace }} + {{- .Values.external_services.istio.root_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/cabundle.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/configmap.yaml new file mode 100644 index 000000000..4d291afda --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/configmap.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.deployment "instance_name" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.external_services.istio "root_namespace" (include "kiali-server.external_services.istio.root_namespace" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/deployment.yaml new file mode 100644 index 000000000..83c8f0a9c --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/deployment.yaml @@ -0,0 +1,193 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/dashboards: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + {{- if .Values.deployment.host_aliases }} + hostAliases: + {{- toYaml .Values.deployment.host_aliases | nindent 6 }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}{{ if .Values.deployment.image_digest }}@{{ .Values.deployment.image_digest }}{{ end }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . }} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- range .Values.deployment.custom_secrets }} + - name: {{ .name }} + mountPath: "{{ .mount }}" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} + optional: true + {{- end }} + {{- range .Values.deployment.custom_secrets }} + - name: {{ .name }} + secret: + secretName: {{ .name }} + optional: {{ .optional | default false }} + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.affinity.pod) (.Values.deployment.affinity.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.deployment.tolerations }} +{{ toYaml .Values.deployment.tolerations | indent 8 }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.deployment.node_selector }} +{{ toYaml .Values.deployment.node_selector | indent 8 }} +{{- end }} +... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/hpa.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/hpa.yaml new file mode 100644 index 000000000..934c4c1e9 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/ingress.yaml new file mode 100644 index 000000000..27807fc3d --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if eq "true" (include "kiali-server.deployment.ingress.enabled" .) }} +--- +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} +apiVersion: networking.k8s.io/v1 +{{- else }} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- if .Values.deployment.ingress.additional_labels }} + {{- toYaml .Values.deployment.ingress.additional_labels | nindent 4 }} + {{- end }} + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Values.deployment.ingress.override_yaml.metadata.annotations }} + {{- toYaml .Values.deployment.ingress.override_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.ingress.override_yaml "spec" }} + {{- toYaml .Values.deployment.ingress.override_yaml.spec | nindent 2 }} + {{- else }} + {{- if .Values.deployment.ingress.class_name }} + ingressClassName: {{ .Values.deployment.ingress.class_name }} + {{- end }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + pathType: Prefix + backend: + service: + name: {{ include "kiali-server.fullname" . }} + port: + number: {{ .Values.server.port }} + {{- else }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} + {{- if not (empty .Values.server.web_fqdn) }} + host: {{ .Values.server.web_fqdn }} + {{- end }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/oauth.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/oauth.yaml @@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/psp.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/psp.yaml new file mode 100644 index 000000000..f891892cc --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/psp.yaml @@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-controlplane.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-controlplane.yaml new file mode 100644 index 000000000..2adbe00f0 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-controlplane.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +{{- if .Values.kiali_feature_flags.clustering.enabled }} +- apiGroups: [""] + resources: + - secrets + verbs: + - list +{{- end }} +{{- if .Values.kiali_feature_flags.certificates_information_indicators.enabled }} +- apiGroups: [""] + resourceNames: + {{- range .Values.kiali_feature_flags.certificates_information_indicators.secrets }} + - {{ . }} + {{- end }} + resources: + - secrets + verbs: + - get + - list + - watch +{{- end }} +... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-viewer.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-viewer.yaml new file mode 100644 index 000000000..706b95625 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role-viewer.yaml @@ -0,0 +1,89 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - pods/log + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - namespaces + - pods + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role.yaml new file mode 100644 index 000000000..4ce52ee1d --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/role.yaml @@ -0,0 +1,99 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - pods/log + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - namespaces + - pods + - replicationcontrollers + - services + verbs: + - get + - list + - watch + - patch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - patch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch + - patch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch + - create + - delete + - patch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch + - patch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list + - watch + - create + - delete + - patch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding-controlplane.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100644 index 000000000..5a0015836 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/route.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/route.yaml new file mode 100644 index 000000000..8325c14a7 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/route.yaml @@ -0,0 +1,34 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if eq "true" (include "kiali-server.deployment.ingress.enabled" .) }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- if .Values.deployment.ingress.additional_labels }} + {{- toYaml .Values.deployment.ingress.additional_labels | nindent 4 }} + {{- end }} + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if .Values.deployment.ingress.override_yaml.metadata.annotations }} + annotations: + {{- toYaml .Values.deployment.ingress.override_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.ingress.override_yaml "spec" }} + {{- toYaml .Values.deployment.ingress.override_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + name: {{ include "kiali-server.fullname" . }} + port: + targetPort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/service.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/service.yaml new file mode 100644 index 000000000..b57229342 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/service.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ include "kiali-server.server.web_root" . }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{ include "kiali-server.server.web_root" . }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/web-root-configmap.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/web-root-configmap.yaml new file mode 100644 index 000000000..970d4e4f5 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/values.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/values.yaml new file mode 100644 index 000000000..549959e26 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/kiali/values.yaml @@ -0,0 +1,116 @@ +# 'fullnameOverride' is deprecated. Use 'deployment.instance_name' instead. +# This is only supported for backward compatibility and will be removed in a future version. +# If 'fullnameOverride' is not "kiali" and 'deployment.instance_name' is "kiali", +# then 'deployment.instance_name' will take the value of 'fullnameOverride' value. +# Otherwise, 'fullnameOverride' is ignored and 'deployment.instance_name' is used. +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_secrets: [] + host_aliases: [] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + image_digest: "" # use "sha256" if image_version is a sha256 hash (do NOT prefix this value with a "@") + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.44.0 # version like "v1.39" (see: https://quay.io/repository/kiali/kiali?tab=tags) or a digest hash + ingress: + additional_labels: {} + class_name: "nginx" + #enabled: + override_yaml: + metadata: {} + instance_name: "kiali" + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: + requests: + cpu: "10m" + memory: "64Mi" + limits: + memory: "1Gi" + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.44.0 # v1.39 # v1.39.0 # see: https://quay.io/repository/kiali/kiali?tab=tags + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + istio: + root_namespace: "" + +identity: {} + #cert_file: + #private_key_file: + +kiali_feature_flags: + certificates_information_indicators: + enabled: true + secrets: + - cacerts + - istio-ca-secret + clustering: + enabled: true +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/.helmignore b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/Chart.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/Chart.yaml new file mode 100644 index 000000000..94b2f4493 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.32.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.32.0 diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/README.md b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/README.md new file mode 100644 index 000000000..25534c628 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_affinity.tpl b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_affinity.tpl new file mode 100644 index 000000000..bf6a9aee5 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_affinity.tpl @@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_helpers.tpl new file mode 100644 index 000000000..09c6b0546 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/_helpers.tpl @@ -0,0 +1,47 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/deployment.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/deployment.yaml new file mode 100644 index 000000000..59928735f --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/deployment.yaml @@ -0,0 +1,94 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HOST_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . | indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/psp.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/psp.yaml new file mode 100644 index 000000000..44b230492 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/psp.yaml @@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/pvc.yaml new file mode 100644 index 000000000..9b4c55e4f --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/service.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/service.yaml new file mode 100644 index 000000000..4210a9b5f --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/templates/service.yaml @@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/values.yaml b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/values.yaml new file mode 100644 index 000000000..d01450233 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/charts/tracing/values.yaml @@ -0,0 +1,50 @@ +provider: jaeger +contextPath: "" +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: + kubernetes.io/os: linux + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.32.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/charts/rancher-istio/100.2.0+up1.12.6/configs/istio-base.yaml b/charts/rancher-istio/100.2.0+up1.12.6/configs/istio-base.yaml new file mode 100644 index 000000000..4f676b778 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/configs/istio-base.yaml @@ -0,0 +1,126 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + k8s: + nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} +{{- if .Values.nodeSelector }} +{{- toYaml .Values.nodeSelector | nindent 12 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} +{{- if .Values.tolerations }} +{{- toYaml .Values.tolerations | nindent 12 }} +{{- end }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + k8s: + nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} +{{- if .Values.nodeSelector }} +{{- toYaml .Values.nodeSelector | nindent 12 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} +{{- if .Values.tolerations }} +{{- toYaml .Values.tolerations | nindent 12 }} +{{- end }} + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} +{{- if .Values.nodeSelector }} +{{- toYaml .Values.nodeSelector | nindent 12 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} +{{- if .Values.tolerations }} +{{- toYaml .Values.tolerations | nindent 12 }} +{{- end }} + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + k8s: + nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} +{{- if .Values.nodeSelector }} +{{- toYaml .Values.nodeSelector | nindent 12 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} +{{- if .Values.tolerations }} +{{- toYaml .Values.tolerations | nindent 12 }} +{{- end }} + pilot: + enabled: {{ .Values.pilot.enabled }} + k8s: + nodeSelector: {{ include "linux-node-selector" . | nindent 12 }} +{{- if .Values.nodeSelector }} +{{- toYaml .Values.nodeSelector | nindent 12 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 12 }} +{{- if .Values.tolerations }} +{{- toYaml .Values.tolerations | nindent 12 }} +{{- end }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + defaultConfig: + proxyMetadata: + {{- if .Values.dns.enabled }} + ISTIO_META_DNS_CAPTURE: "true" + {{- end }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/requirements.yaml b/charts/rancher-istio/100.2.0+up1.12.6/requirements.yaml new file mode 100644 index 000000000..943a08326 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/requirements.yaml @@ -0,0 +1,7 @@ +dependencies: +- condition: kiali.enabled + name: kiali + repository: file://./charts/kiali +- condition: tracing.enabled + name: tracing + repository: file://./charts/tracing diff --git a/charts/rancher-istio/100.2.0+up1.12.6/samples/overlay-example.yaml b/charts/rancher-istio/100.2.0+up1.12.6/samples/overlay-example.yaml new file mode 100644 index 000000000..5cf3cf3b0 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/samples/overlay-example.yaml @@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/_helpers.tpl b/charts/rancher-istio/100.2.0+up1.12.6/templates/_helpers.tpl new file mode 100644 index 000000000..30b429a80 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/_helpers.tpl @@ -0,0 +1,27 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/admin-role.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/admin-role.yaml new file mode 100644 index 000000000..ad1313c4f --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/admin-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/base-config-map.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/base-config-map.yaml new file mode 100644 index 000000000..5323917bc --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrole.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrole.yaml new file mode 100644 index 000000000..d8c6b40a4 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrole.yaml @@ -0,0 +1,132 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - extensions.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - telemetry.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +- apiGroups: + - policy + resourceNames: + - istio-installer + resources: + - podsecuritypolicies + verbs: + - use diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrolebinding.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..9d74a0434 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/edit-role.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/edit-role.yaml new file mode 100644 index 000000000..d1059d58d --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-cni-psp.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-cni-psp.yaml new file mode 100644 index 000000000..5b94c8503 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-cni-psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - emptyDir + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: psp-istio-cni +subjects: + - kind: ServiceAccount + name: istio-cni +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - psp-istio-cni + resources: + - podsecuritypolicies + verbs: + - use +{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-job.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-job.yaml new file mode 100644 index 000000000..c2e362e68 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-job.yaml @@ -0,0 +1,66 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + {{- if .Values.installer.releaseMirror.enabled }} + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "github.com" + {{- end }} + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + - name: RELEASE_MIRROR_ENABLED + value: {{ .Values.installer.releaseMirror.enabled | quote }} + - name: SECONDS_SLEEP + value: {{ .Values.installer.debug.secondsSleep | quote}} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} + securityContext: + runAsUser: 499 + runAsGroup: 487 + restartPolicy: Never diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-psp.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-psp.yaml new file mode 100644 index 000000000..f0b5ee565 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-install-psp.yaml @@ -0,0 +1,30 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' +{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-psp.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-psp.yaml new file mode 100644 index 000000000..b3758b74f --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-psp.yaml @@ -0,0 +1,81 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-psp +subjects: + - kind: ServiceAccount + name: istio-egressgateway-service-account + - kind: ServiceAccount + name: istio-ingressgateway-service-account + - kind: ServiceAccount + name: istio-mixer-service-account + - kind: ServiceAccount + name: istio-operator-authproxy + - kind: ServiceAccount + name: istiod-service-account + - kind: ServiceAccount + name: istio-sidecar-injector-service-account + - kind: ServiceAccount + name: istiocoredns-service-account + - kind: ServiceAccount + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - istio-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-uninstall-job.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-uninstall-job.yaml new file mode 100644 index 000000000..0091d0c17 --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/istio-uninstall-job.yaml @@ -0,0 +1,53 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} + securityContext: + runAsUser: 101 + runAsGroup: 101 + restartPolicy: OnFailure diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/overlay-config-map.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/overlay-config-map.yaml new file mode 100644 index 000000000..287d26b2c --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/service-monitors.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/service-monitors.yaml new file mode 100644 index 000000000..c3d60c4fc --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/serviceaccount.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/serviceaccount.yaml new file mode 100644 index 000000000..82b6cbb7e --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} diff --git a/charts/rancher-istio/100.2.0+up1.12.6/templates/view-role.yaml b/charts/rancher-istio/100.2.0+up1.12.6/templates/view-role.yaml new file mode 100644 index 000000000..5947d3eba --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/charts/rancher-istio/100.2.0+up1.12.6/values.yaml b/charts/rancher-istio/100.2.0+up1.12.6/values.yaml new file mode 100644 index 000000000..a002f87ac --- /dev/null +++ b/charts/rancher-istio/100.2.0+up1.12.6/values.yaml @@ -0,0 +1,98 @@ +overlayFile: "" +tag: 1.12.6 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.12.6-rancher1 + ##releaseMirror are configurations for istio upgrades. + ##Setting releaseMirror.enabled: true will cause istio to use bundled in images from rancher/istio-installer to perfom an upgrade - this is ideal + ##for airgap setups. Setting releaseMirror.enabled to false means istio will call externally to github to fetch the required assets. + releaseMirror: + enabled: false + + ##Set the secondsSleep to run a sleep command `sleep s` to allow time to exec into istio-installer pod for debugging + debug: + secondsSleep: 0 + +##Native support for dns added in 1.8 +dns: + enabled: false + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.12.6 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.12.6 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.12.6 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.12.6 + defaultPodDisruptionBudget: + enabled: true + rbac: + pspEnabled: true + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + use_grpc: false + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: + enabled: false + contextPath: "/jaeger" + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] diff --git a/index.yaml b/index.yaml index 49033856f..8e08d8ddf 100755 --- a/index.yaml +++ b/index.yaml @@ -3443,6 +3443,41 @@ entries: - assets/rancher-grafana/rancher-grafana-6.6.401.tgz version: 6.6.401 rancher-istio: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/kube-version: 1.19 - 1.22 + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.99-0' + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: istio + catalog.cattle.io/upstream-version: 1.12.6 + apiVersion: v1 + appVersion: 1.12.6 + created: "2022-04-14T17:42:18.045851896+05:30" + dependencies: + - condition: kiali.enabled + name: kiali + repository: file://./charts/kiali + - condition: tracing.enabled + name: tracing + repository: file://./charts/tracing + description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. + digest: 1e84f4c0424fb83abe174e4cfbea0ec3670ced177e7cd59647809a6eb1f51ed9 + icon: https://charts.rancher.io/assets/logos/istio.svg + keywords: + - networking + - infrastructure + name: rancher-istio + urls: + - assets/rancher-istio/rancher-istio-100.2.0+up1.12.6.tgz + version: 100.2.0+up1.12.6 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio