Port over istio 1.9.600 and rancher-webhook 0.1.100+up0.1.1

pull/1367/head
Brenda Rearden 2021-07-19 16:26:34 -07:00
parent 7ca85d8817
commit d832d0e0c2
83 changed files with 3481 additions and 0 deletions

Binary file not shown.

@ -0,0 +1,21 @@
annotations:
catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Istio
catalog.cattle.io/namespace: istio-system
catalog.cattle.io/os: linux
catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1
catalog.cattle.io/release-name: rancher-istio
catalog.cattle.io/requests-cpu: 710m
catalog.cattle.io/requests-memory: 2314Mi
catalog.cattle.io/ui-component: istio
apiVersion: v1
appVersion: 1.9.6
description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/
for details.
icon: https://charts.rancher.io/assets/logos/istio.svg
keywords:
- networking
- infrastructure
name: rancher-istio
version: 1.9.600

@ -0,0 +1,69 @@
# Rancher Istio Installers
A Rancher created chart that packages the istioctl binary to install via a helm chart.
# Installation Requirements
## Chart Dependencies
- rancher-kiali-server-crd chart
# Uninstallation Requirements
To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal.
If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error::
`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"`
# Addons
## Kiali
Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard.
#### Dependencies
- rancher-monitoring chart or other Prometheus installation
This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation.
> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding.
The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces.
To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources.
1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape.
1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces.
#### External Services
##### Prometheus
The `kiali.external_services.prometheus` url is set in the values.yaml:
```
http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }}
```
The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance.
##### Grafana
The `kiali.external_services.grafana` url is set in the values.yaml:
```
http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }}
```
The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance.
##### Tracing
The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml:
```
http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }}
```
The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance.
## Jaeger
Jaeger allows you to trace and monitor distributed microservices.
> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs.
# Installation
```
helm install rancher-istio . --create-namespace -n istio-system
```
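
Review bot: The Kiali "Dependencies" paragraphs in this README carry several misspellings that should be fixed before merge: "dependecy", "succesful", "dependecies" and "Promtheus", plus the doubled colon in "following error::". The URL snippets also mix `.Values.`-prefixed keys with a bare `prometheus.service.port` and `grafana.service.port` inside `{{ }}`, which is not valid template syntax if someone copies it; prefix those keys the same way or show the URL with plain placeholders. All three external service URLs are plain `http://`; if that is intentional for in-cluster traffic, say so in the text.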

@ -0,0 +1,45 @@
# Rancher Istio
Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes:
* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh
* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead.
### Dependencies
**Rancher Monitoring or other Prometheus installation**
The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement.
### Customization
**Rancher Monitoring**
The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces.
To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources.
1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape.
1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces.
**Custom Prometheus Installation with Kiali**
To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance:
```
http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }}
```
**Custom Grafana Installation with Kiali**
To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance:
```
http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }}
```
**Custom Tracing Installation with Kiali**
To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml.
This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.:
```
http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }}
```
For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/).
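
Review bot: `granfa.service.port` in the "Custom Grafana Installation with Kiali" paragraph is a typo for `grafana.service.port` (the code block right below it spells the key correctly), and a reader who copies the name from the prose will look for a value that does not exist. Please also fix "distributed systemm" in the Jaeger bullet and the stray ".:" that ends the tracing sentence.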

@ -0,0 +1,31 @@
annotations:
catalog.cattle.io/auto-install: rancher-kiali-server-crd=match
catalog.cattle.io/hidden: "true"
catalog.cattle.io/os: linux
catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1
catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1
catalog.rancher.io/namespace: cattle-istio-system
catalog.rancher.io/release-name: rancher-kiali-server
apiVersion: v2
appVersion: v1.32.0
description: Kiali is an open source project for service mesh observability, refer
to https://www.kiali.io for details. This is installed as sub-chart with customized
values in Rancher's Istio.
home: https://github.com/kiali/kiali
icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png
keywords:
- istio
- kiali
- networking
- infrastructure
maintainers:
- email: kiali-users@googlegroups.com
name: Kiali
url: https://kiali.io
name: kiali
sources:
- https://github.com/kiali/kiali
- https://github.com/kiali/kiali-ui
- https://github.com/kiali/kiali-operator
- https://github.com/kiali/helm-charts
version: 1.32.1
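
Review bot: The namespace and release-name annotations here use the `catalog.rancher.io/` prefix, while every other annotation in this file, and the same two keys in the rancher-istio Chart.yaml, use `catalog.cattle.io/`. The namespace value `cattle-istio-system` also differs from the parent chart's `istio-system`. If these two lines are leftovers from an older annotation scheme, align them with the parent or drop them, since this chart is hidden and installed as a sub-chart.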

@ -0,0 +1,5 @@
Welcome to Kiali! For more details on Kiali, see: https://kiali.io
The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon.
(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}])

@ -0,0 +1,192 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kiali-server.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kiali-server.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- printf "%s" $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kiali-server.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Identifies the log_level with the old verbose_mode and the new log_level considered.
*/}}
{{- define "kiali-server.logLevel" -}}
{{- if .Values.deployment.verbose_mode -}}
{{- .Values.deployment.verbose_mode -}}
{{- else -}}
{{- .Values.deployment.logger.log_level -}}
{{- end -}}
{{- end }}
{{/*
Common labels
*/}}
{{- define "kiali-server.labels" -}}
helm.sh/chart: {{ include "kiali-server.chart" . }}
app: {{ include "kiali-server.name" . }}
{{ include "kiali-server.selectorLabels" . }}
version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }}
app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: "kiali"
{{- end }}
{{/*
Selector labels
*/}}
{{- define "kiali-server.selectorLabels" -}}
app.kubernetes.io/name: {{ include "kiali-server.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Used to determine if a custom dashboard (defined in .Template.Name) should be deployed.
*/}}
{{- define "kiali-server.isDashboardEnabled" -}}
{{- if .Values.external_services.custom_dashboards.enabled }}
{{- $includere := "" }}
{{- range $_, $s := .Values.deployment.custom_dashboards.includes }}
{{- if $s }}
{{- if $includere }}
{{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }}
{{- else }}
{{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }}
{{- end }}
{{- end }}
{{- end }}
{{- $excludere := "" }}
{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }}
{{- if $s }}
{{- if $excludere }}
{{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }}
{{- else }}
{{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }}
{{- end }}
{{- end }}
{{- end }}
{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }}
{{- print "enabled" }}
{{- else }}
{{- print "" }}
{{- end }}
{{- else }}
{{- print "" }}
{{- end }}
{{- end }}
{{/*
Determine the default login token signing key.
*/}}
{{- define "kiali-server.login_token.signing_key" -}}
{{- if .Values.login_token.signing_key }}
{{- .Values.login_token.signing_key }}
{{- else }}
{{- randAlphaNum 16 }}
{{- end }}
{{- end }}
{{/*
Determine the default web root.
*/}}
{{- define "kiali-server.server.web_root" -}}
{{- if .Values.server.web_root }}
{{- .Values.server.web_root | trimSuffix "/" }}
{{- else }}
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
{{- "/" }}
{{- else }}
{{- "/kiali" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Determine the default identity cert file. There is no default if on k8s; only on OpenShift.
*/}}
{{- define "kiali-server.identity.cert_file" -}}
{{- if hasKey .Values.identity "cert_file" }}
{{- .Values.identity.cert_file }}
{{- else }}
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
{{- "/kiali-cert/tls.crt" }}
{{- else }}
{{- "" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Determine the default identity private key file. There is no default if on k8s; only on OpenShift.
*/}}
{{- define "kiali-server.identity.private_key_file" -}}
{{- if hasKey .Values.identity "private_key_file" }}
{{- .Values.identity.private_key_file }}
{{- else }}
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
{{- "/kiali-cert/tls.key" }}
{{- else }}
{{- "" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Determine the istio namespace - default is where Kiali is installed.
*/}}
{{- define "kiali-server.istio_namespace" -}}
{{- if .Values.istio_namespace }}
{{- .Values.istio_namespace }}
{{- else }}
{{- .Release.Namespace }}
{{- end }}
{{- end }}
{{/*
Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift.
*/}}
{{- define "kiali-server.auth.strategy" -}}
{{- if .Values.auth.strategy }}
{{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }}
{{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }}
{{- end }}
{{- .Values.auth.strategy }}
{{- else }}
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
{{- if not .Values.kiali_route_url }}
{{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }}
{{- end }}
{{- "openshift" }}
{{- else }}
{{- "token" }}
{{- end }}
{{- end }}
{{- end }}
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
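
Review bot: In `kiali-server.login_token.signing_key`, the fallback `randAlphaNum 16` is evaluated on every render, so each `helm upgrade` without an explicit `login_token.signing_key` produces a different key, changes the rendered config, and any login token signed with the previous key stops verifying. Generate the key once and reuse it (for example by reading the existing object with `lookup`), or require the value to be set. Separately, `kiali-server.isDashboardEnabled` converts include/exclude globs to regexes by replacing only `*` and `?`, so a `.` in a pattern matches any character and other metacharacters can make `mustRegexMatch` fail the render; it also gates on `.Values.external_services.custom_dashboards.enabled` while reading the lists from `.Values.deployment.custom_dashboards`, which needs a comment if intentional. `system_default_registry` is the only template here without the `kiali-server.` prefix; named templates are shared across charts, so it can collide with a definition of the same name in the parent chart.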

@ -0,0 +1,13 @@
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "kiali-server.fullname" . }}-cabundle
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
annotations:
service.beta.openshift.io/inject-cabundle: "true"
...
{{- end }}

@ -0,0 +1,24 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
data:
config.yaml: |
{{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}}
{{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }}
{{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}}
{{- $_ := set $cm.deployment "namespace" .Release.Namespace }}
{{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}}
{{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }}
{{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }}
{{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }}
{{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }}
{{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }}
{{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }}
{{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }}
{{- toYaml $cm | nindent 4 }}
...
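
Review bot: `login_token.signing_key` is set on `$cm` and then emitted through `toYaml $cm` into a ConfigMap, so the token signing key is readable by anyone who can get ConfigMaps in the release namespace; it belongs in a Secret. The `omit` call strips only `nameOverride`, `fullnameOverride` and `kiali_route_url`, so every other top-level value, including the `global` block that `system_default_registry` reads, is also written into `config.yaml`. Please build the ConfigMap from an explicit allow-list of keys, or at least add `global` to the omitted keys.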

@ -0,0 +1,56 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: envoy
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
title: Envoy Metrics
discoverOn: "envoy_server_uptime"
items:
- chart:
name: "Pods uptime"
spans: 4
metricName: "envoy_server_uptime"
dataType: "raw"
- chart:
name: "Allocated memory"
unit: "bytes"
spans: 4
metricName: "envoy_server_memory_allocated"
dataType: "raw"
min: 0
- chart:
name: "Heap size"
unit: "bytes"
spans: 4
metricName: "envoy_server_memory_heap_size"
dataType: "raw"
min: 0
- chart:
name: "Upstream active connections"
spans: 6
metricName: "envoy_cluster_upstream_cx_active"
dataType: "raw"
- chart:
name: "Upstream total requests"
spans: 6
metricName: "envoy_cluster_upstream_rq_total"
unit: "rps"
dataType: "rate"
- chart:
name: "Downstream active connections"
spans: 6
metricName: "envoy_listener_downstream_cx_active"
dataType: "raw"
- chart:
name: "Downstream HTTP requests"
spans: 6
metricName: "envoy_listener_http_downstream_rq"
unit: "rps"
dataType: "rate"
...
{{- end }}

@ -0,0 +1,67 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: go
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
title: Go Metrics
runtime: Go
discoverOn: "go_info"
items:
- chart:
name: "CPU ratio"
spans: 6
metricName: "process_cpu_seconds_total"
dataType: "rate"
aggregations:
- label: "pod_name"
displayName: "Pod"
- chart:
name: "RSS Memory"
unit: "bytes"
spans: 6
metricName: "process_resident_memory_bytes"
dataType: "raw"
aggregations:
- label: "pod_name"
displayName: "Pod"
- chart:
name: "Goroutines"
spans: 6
metricName: "go_goroutines"
dataType: "raw"
aggregations:
- label: "pod_name"
displayName: "Pod"
- chart:
name: "Heap allocation rate"
unit: "bytes/s"
spans: 6
metricName: "go_memstats_alloc_bytes_total"
dataType: "rate"
aggregations:
- label: "pod_name"
displayName: "Pod"
- chart:
name: "GC rate"
spans: 6
metricName: "go_gc_duration_seconds_count"
dataType: "rate"
aggregations:
- label: "pod_name"
displayName: "Pod"
- chart:
name: "Next GC"
unit: "bytes"
spans: 6
metricName: "go_memstats_next_gc_bytes"
dataType: "raw"
aggregations:
- label: "pod_name"
displayName: "Pod"
...
{{- end }}

@ -0,0 +1,44 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: kiali
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
title: Kiali Internal Metrics
items:
- chart:
name: "API processing duration"
unit: "seconds"
spans: 6
metricName: "kiali_api_processing_duration_seconds"
dataType: "histogram"
aggregations:
- label: "route"
displayName: "Route"
- chart:
name: "Functions processing duration"
unit: "seconds"
spans: 6
metricName: "kiali_go_function_processing_duration_seconds"
dataType: "histogram"
aggregations:
- label: "function"
displayName: "Function"
- label: "package"
displayName: "Package"
- chart:
name: "Failures"
spans: 12
metricName: "kiali_go_function_failures_total"
dataType: "raw"
aggregations:
- label: "function"
displayName: "Function"
- label: "package"
displayName: "Package"
...
{{- end }}

@ -0,0 +1,43 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: micrometer-1.0.6-jvm-pool
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: JVM
title: JVM Pool Metrics
discoverOn: "jvm_buffer_total_capacity_bytes"
items:
- chart:
name: "Pool buffer memory used"
unit: "bytes"
spans: 4
metricName: "jvm_buffer_memory_used_bytes"
dataType: "raw"
aggregations:
- label: "id"
displayName: "Pool"
- chart:
name: "Pool buffer capacity"
unit: "bytes"
spans: 4
metricName: "jvm_buffer_total_capacity_bytes"
dataType: "raw"
aggregations:
- label: "id"
displayName: "Pool"
- chart:
name: "Pool buffer count"
unit: "bytes"
spans: 4
metricName: "jvm_buffer_count"
dataType: "raw"
aggregations:
- label: "id"
displayName: "Pool"
...
{{- end }}
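
Review bot: The "Pool buffer count" chart sets `unit: "bytes"` for `jvm_buffer_count`, which is a number of buffers rather than a size, so the axis will be labelled misleadingly. Drop the `unit` line for that chart, as the other count charts in these dashboards (thread counts, goroutines) already do.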

@ -0,0 +1,65 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: micrometer-1.0.6-jvm
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: JVM
title: JVM Metrics
discoverOn: "jvm_threads_live"
items:
- chart:
name: "Total live threads"
spans: 4
metricName: "jvm_threads_live"
dataType: "raw"
- chart:
name: "Daemon threads"
spans: 4
metricName: "jvm_threads_daemon"
dataType: "raw"
- chart:
name: "Loaded classes"
spans: 4
metricName: "jvm_classes_loaded"
dataType: "raw"
- chart:
name: "Memory used"
unit: "bytes"
spans: 4
metricName: "jvm_memory_used_bytes"
dataType: "raw"
aggregations:
- label: "area"
displayName: "Area"
- label: "id"
displayName: "Space"
- chart:
name: "Memory commited"
unit: "bytes"
spans: 4
metricName: "jvm_memory_committed_bytes"
dataType: "raw"
aggregations:
- label: "area"
displayName: "Area"
- label: "id"
displayName: "Space"
- chart:
name: "Memory max"
unit: "bytes"
spans: 4
metricName: "jvm_memory_max_bytes"
dataType: "raw"
aggregations:
- label: "area"
displayName: "Area"
- label: "id"
displayName: "Space"
...
{{- end }}
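
Review bot: The chart `name: "Memory commited"` is misspelled; it should read "Memory committed", matching the metric `jvm_memory_committed_bytes` on the line below it. This string is user-facing in the dashboard.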

@ -0,0 +1,68 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: micrometer-1.1-jvm
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: JVM
title: JVM Metrics
discoverOn: "jvm_threads_live_threads"
items:
- chart:
name: "Memory used"
unit: "bytes"
spans: 4
metricName: "jvm_memory_used_bytes"
dataType: "raw"
aggregations:
- label: "area"
displayName: "Area"
- label: "id"
displayName: "Space"
- chart:
name: "Memory commited"
unit: "bytes"
spans: 4
metricName: "jvm_memory_committed_bytes"
dataType: "raw"
aggregations:
- label: "area"
displayName: "Area"
- label: "id"
displayName: "Space"
- chart:
name: "Memory max"
unit: "bytes"
spans: 4
metricName: "jvm_memory_max_bytes"
dataType: "raw"
aggregations:
- label: "area"
displayName: "Area"
- label: "id"
displayName: "Space"
- chart:
name: "Total live threads"
spans: 4
metricName: "jvm_threads_live_threads"
dataType: "raw"
- chart:
name: "Daemon threads"
spans: 4
metricName: "jvm_threads_daemon_threads"
dataType: "raw"
- chart:
name: "Threads states"
spans: 4
metricName: "jvm_threads_states_threads"
dataType: "raw"
aggregations:
- label: "state"
displayName: "State"
...
{{- end }}
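
Review bot: The second chart's `name: "Memory commited"` is misspelled; use "Memory committed", matching `jvm_memory_committed_bytes`.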

@ -0,0 +1,59 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: microprofile-1.1
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
title: MicroProfile Metrics
runtime: MicroProfile
discoverOn: "base:thread_count"
items:
- chart:
name: "Current loaded classes"
spans: 6
metricName: "base:classloader_current_loaded_class_count"
dataType: "raw"
- chart:
name: "Unloaded classes"
spans: 6
metricName: "base:classloader_total_unloaded_class_count"
dataType: "raw"
- chart:
name: "Thread count"
spans: 4
metricName: "base:thread_count"
dataType: "raw"
- chart:
name: "Thread max count"
spans: 4
metricName: "base:thread_max_count"
dataType: "raw"
- chart:
name: "Thread daemon count"
spans: 4
metricName: "base:thread_daemon_count"
dataType: "raw"
- chart:
name: "Committed heap"
unit: "bytes"
spans: 4
metricName: "base:memory_committed_heap_bytes"
dataType: "raw"
- chart:
name: "Max heap"
unit: "bytes"
spans: 4
metricName: "base:memory_max_heap_bytes"
dataType: "raw"
- chart:
name: "Used heap"
unit: "bytes"
spans: 4
metricName: "base:memory_used_heap_bytes"
dataType: "raw"
...
{{- end }}

@ -0,0 +1,38 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: microprofile-x.y
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
title: MicroProfile Metrics
runtime: MicroProfile
discoverOn: "base:gc_complete_scavenger_count"
items:
- chart:
name: "Young GC time"
unit: "seconds"
spans: 3
metricName: "base:gc_young_generation_scavenger_time_seconds"
dataType: "raw"
- chart:
name: "Young GC count"
spans: 3
metricName: "base:gc_young_generation_scavenger_count"
dataType: "raw"
- chart:
name: "Total GC time"
unit: "seconds"
spans: 3
metricName: "base:gc_complete_scavenger_time_seconds"
dataType: "raw"
- chart:
name: "Total GC count"
spans: 3
metricName: "base:gc_complete_scavenger_count"
dataType: "raw"
...
{{- end }}

@ -0,0 +1,59 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: nodejs
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Node.js
title: Node.js Metrics
discoverOn: "nodejs_active_handles_total"
items:
- chart:
name: "Active handles"
spans: 4
metricName: "nodejs_active_handles_total"
dataType: "raw"
- chart:
name: "Active requests"
spans: 4
metricName: "nodejs_active_requests_total"
dataType: "raw"
- chart:
name: "Event loop lag"
unit: "seconds"
spans: 4
metricName: "nodejs_eventloop_lag_seconds"
dataType: "raw"
- chart:
name: "Total heap size"
unit: "bytes"
spans: 12
metricName: "nodejs_heap_space_size_total_bytes"
dataType: "raw"
aggregations:
- label: "space"
displayName: "Space"
- chart:
name: "Used heap size"
unit: "bytes"
spans: 6
metricName: "nodejs_heap_space_size_used_bytes"
dataType: "raw"
aggregations:
- label: "space"
displayName: "Space"
- chart:
name: "Available heap size"
unit: "bytes"
spans: 6
metricName: "nodejs_heap_space_size_available_bytes"
dataType: "raw"
aggregations:
- label: "space"
displayName: "Space"
...
{{- end }}

@ -0,0 +1,33 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: quarkus
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
title: Quarkus Metrics
runtime: Quarkus
items:
- chart:
name: "Thread count"
spans: 4
metricName: "vendor:thread_count"
dataType: "raw"
- chart:
name: "Used heap"
unit: "bytes"
spans: 4
metricName: "vendor:memory_heap_usage_bytes"
dataType: "raw"
- chart:
name: "Used non-heap"
unit: "bytes"
spans: 4
metricName: "vendor:memory_non_heap_usage_bytes"
dataType: "raw"
- include: "microprofile-x.y"
...
{{- end }}
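
Review bot: The last item, `- include: "microprofile-x.y"`, depends on a dashboard that is rendered under its own `kiali-server.isDashboardEnabled` check, so an excludes pattern that drops `microprofile-x.y` but keeps `quarkus` leaves this include pointing at a dashboard that was never created. Either document that included dashboards must not be excluded on their own, or have the helper fail the render when that happens. The same applies to the dashboards in this commit whose `items` consist only of an `include`.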

@ -0,0 +1,16 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: springboot-jvm-pool
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Spring Boot
title: JVM Pool Metrics
items:
- include: "micrometer-1.0.6-jvm-pool"
...
{{- end }}

@ -0,0 +1,16 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: springboot-jvm
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Spring Boot
title: JVM Metrics
items:
- include: "micrometer-1.0.6-jvm"
...
{{- end }}

@ -0,0 +1,16 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: springboot-tomcat
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Spring Boot
title: Tomcat Metrics
items:
- include: "tomcat"
...
{{- end }}

@ -0,0 +1,22 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: thorntail
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Thorntail
title: Thorntail Metrics
discoverOn: "vendor:loaded_modules"
items:
- include: "microprofile-1.1"
- chart:
name: "Loaded modules"
spans: 6
metricName: "vendor:loaded_modules"
dataType: "raw"
...
{{- end }}

@ -0,0 +1,67 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: tomcat
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Tomcat
title: Tomcat Metrics
discoverOn: "tomcat_sessions_created_total"
items:
- chart:
name: "Sessions created"
spans: 4
metricName: "tomcat_sessions_created_total"
dataType: "raw"
- chart:
name: "Active sessions"
spans: 4
metricName: "tomcat_sessions_active_current"
dataType: "raw"
- chart:
name: "Sessions rejected"
spans: 4
metricName: "tomcat_sessions_rejected_total"
dataType: "raw"
- chart:
name: "Bytes sent"
unit: "bitrate"
spans: 6
metricName: "tomcat_global_sent_bytes_total"
dataType: "rate"
aggregations:
- label: "name"
displayName: "Name"
- chart:
name: "Bytes received"
unit: "bitrate"
spans: 6
metricName: "tomcat_global_received_bytes_total"
dataType: "rate"
aggregations:
- label: "name"
displayName: "Name"
- chart:
name: "Global errors"
spans: 6
metricName: "tomcat_global_error_total"
dataType: "raw"
aggregations:
- label: "name"
displayName: "Name"
- chart:
name: "Servlet errors"
spans: 6
metricName: "tomcat_servlet_error_total"
dataType: "raw"
aggregations:
- label: "name"
displayName: "Name"
...
{{- end }}

@ -0,0 +1,60 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: vertx-client
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Vert.x
title: Vert.x Client Metrics
discoverOn: "vertx_http_client_connections"
items:
- chart:
name: "Client response time"
unit: "seconds"
spans: 6
metricName: "vertx_http_client_responseTime_seconds"
dataType: "histogram"
aggregations:
- label: "path"
displayName: "Path"
- label: "method"
displayName: "Method"
- chart:
name: "Client request count rate"
unit: "ops"
spans: 6
metricName: "vertx_http_client_requestCount_total"
dataType: "rate"
aggregations:
- label: "path"
displayName: "Path"
- label: "method"
displayName: "Method"
- chart:
name: "Client active connections"
spans: 6
metricName: "vertx_http_client_connections"
dataType: "raw"
- chart:
name: "Client active websockets"
spans: 6
metricName: "vertx_http_client_wsConnections"
dataType: "raw"
- chart:
name: "Client bytes sent"
unit: "bytes"
spans: 6
metricName: "vertx_http_client_bytesSent"
dataType: "histogram"
- chart:
name: "Client bytes received"
unit: "bytes"
spans: 6
metricName: "vertx_http_client_bytesReceived"
dataType: "histogram"
...
{{- end }}

View File

@ -0,0 +1,59 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: vertx-eventbus
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Vert.x
title: Vert.x Eventbus Metrics
discoverOn: "vertx_eventbus_handlers"
items:
- chart:
name: "Event bus handlers"
spans: 6
metricName: "vertx_eventbus_handlers"
dataType: "raw"
aggregations:
- label: "address"
displayName: "Eventbus address"
- chart:
name: "Event bus pending messages"
spans: 6
metricName: "vertx_eventbus_pending"
dataType: "raw"
aggregations:
- label: "address"
displayName: "Eventbus address"
- chart:
name: "Event bus processing time"
unit: "seconds"
spans: 6
metricName: "vertx_eventbus_processingTime_seconds"
dataType: "histogram"
aggregations:
- label: "address"
displayName: "Eventbus address"
- chart:
name: "Event bus bytes read"
unit: "bytes"
spans: 6
metricName: "vertx_eventbus_bytesRead"
dataType: "histogram"
aggregations:
- label: "address"
displayName: "Eventbus address"
- chart:
name: "Event bus bytes written"
unit: "bytes"
spans: 6
metricName: "vertx_eventbus_bytesWritten"
dataType: "histogram"
aggregations:
- label: "address"
displayName: "Eventbus address"
...
{{- end }}

View File

@ -0,0 +1,16 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: vertx-jvm
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Vert.x
title: JVM Metrics
items:
- include: "micrometer-1.1-jvm"
...
{{- end }}

View File

@ -0,0 +1,68 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: vertx-pool
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Vert.x
title: Vert.x Pools Metrics
discoverOn: "vertx_pool_ratio"
items:
- chart:
name: "Usage duration"
unit: "seconds"
spans: 6
metricName: "vertx_pool_usage_seconds"
dataType: "histogram"
aggregations:
- label: "pool_name"
displayName: "Name"
- label: "pool_type"
displayName: "Type"
- chart:
name: "Usage ratio"
spans: 6
metricName: "vertx_pool_ratio"
dataType: "raw"
aggregations:
- label: "pool_name"
displayName: "Name"
- label: "pool_type"
displayName: "Type"
- chart:
name: "Queue size"
spans: 6
metricName: "vertx_pool_queue_size"
dataType: "raw"
aggregations:
- label: "pool_name"
displayName: "Name"
- label: "pool_type"
displayName: "Type"
- chart:
name: "Time in queue"
unit: "seconds"
spans: 6
metricName: "vertx_pool_queue_delay_seconds"
dataType: "histogram"
aggregations:
- label: "pool_name"
displayName: "Name"
- label: "pool_type"
displayName: "Type"
- chart:
name: "Resources used"
spans: 6
metricName: "vertx_pool_inUse"
dataType: "raw"
aggregations:
- label: "pool_name"
displayName: "Name"
- label: "pool_type"
displayName: "Type"
...
{{- end }}

View File

@ -0,0 +1,62 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: "monitoring.kiali.io/v1alpha1"
kind: MonitoringDashboard
metadata:
name: vertx-server
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Vert.x
title: Vert.x Server Metrics
discoverOn: "vertx_http_server_connections"
items:
- chart:
name: "Server response time"
unit: "seconds"
spans: 6
metricName: "vertx_http_server_responseTime_seconds"
dataType: "histogram"
aggregations:
- label: "path"
displayName: "Path"
- label: "method"
displayName: "Method"
- chart:
name: "Server request count rate"
unit: "ops"
spans: 6
metricName: "vertx_http_server_requestCount_total"
dataType: "rate"
aggregations:
- label: "code"
displayName: "Error code"
- label: "path"
displayName: "Path"
- label: "method"
displayName: "Method"
- chart:
name: "Server active connections"
spans: 6
metricName: "vertx_http_server_connections"
dataType: "raw"
- chart:
name: "Server active websockets"
spans: 6
metricName: "vertx_http_server_wsConnections"
dataType: "raw"
- chart:
name: "Server bytes sent"
unit: "bytes"
spans: 6
metricName: "vertx_http_server_bytesSent"
dataType: "histogram"
- chart:
name: "Server bytes received"
unit: "bytes"
spans: 6
metricName: "vertx_http_server_bytesReceived"
dataType: "histogram"
...
{{- end }}

View File

@ -0,0 +1,174 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.deployment.replicas }}
selector:
matchLabels:
{{- include "kiali-server.selectorLabels" . | nindent 6 }}
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
name: {{ include "kiali-server.fullname" . }}
labels:
{{- include "kiali-server.labels" . | nindent 8 }}
{{- if .Values.deployment.pod_labels }}
{{- toYaml .Values.deployment.pod_labels | nindent 8 }}
{{- end }}
annotations:
{{- if .Values.server.metrics_enabled }}
prometheus.io/scrape: "true"
prometheus.io/port: {{ .Values.server.metrics_port | quote }}
{{- else }}
prometheus.io/scrape: "false"
prometheus.io/port: ""
{{- end }}
kiali.io/runtimes: go,kiali
{{- if .Values.deployment.pod_annotations }}
{{- toYaml .Values.deployment.pod_annotations | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "kiali-server.fullname" . }}
{{- if .Values.deployment.priority_class_name }}
priorityClassName: {{ .Values.deployment.priority_class_name | quote }}
{{- end }}
{{- if .Values.deployment.image_pull_secrets }}
imagePullSecrets:
{{- range .Values.deployment.image_pull_secrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}"
imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }}
name: {{ include "kiali-server.fullname" . }}
command:
- "/opt/kiali/kiali"
- "-config"
- "/kiali-configuration/config.yaml"
ports:
- name: api-port
containerPort: {{ .Values.server.port | default 20001 }}
{{- if .Values.server.metrics_enabled }}
- name: http-metrics
containerPort: {{ .Values.server.metrics_port | default 9090 }}
{{- end }}
readinessProbe:
httpGet:
path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz
port: api-port
{{- if (include "kiali-server.identity.cert_file" .) }}
scheme: HTTPS
{{- else }}
scheme: HTTP
{{- end }}
initialDelaySeconds: 5
periodSeconds: 30
livenessProbe:
httpGet:
path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz
port: api-port
{{- if (include "kiali-server.identity.cert_file" .) }}
scheme: HTTPS
{{- else }}
scheme: HTTP
{{- end }}
initialDelaySeconds: 5
periodSeconds: 30
env:
- name: ACTIVE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LOG_LEVEL
value: "{{ include "kiali-server.logLevel" . }}"
- name: LOG_FORMAT
value: "{{ .Values.deployment.logger.log_format }}"
- name: LOG_TIME_FIELD_FORMAT
value: "{{ .Values.deployment.logger.time_field_format }}"
- name: LOG_SAMPLER_RATE
value: "{{ .Values.deployment.logger.sampler_rate }}"
volumeMounts:
{{- if .Values.web_root_override }}
- name: kiali-console
subPath: env.js
mountPath: /opt/kiali/console/env.js
{{- end }}
- name: {{ include "kiali-server.fullname" . }}-configuration
mountPath: "/kiali-configuration"
- name: {{ include "kiali-server.fullname" . }}-cert
mountPath: "/kiali-cert"
- name: {{ include "kiali-server.fullname" . }}-secret
mountPath: "/kiali-secret"
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
- name: {{ include "kiali-server.fullname" . }}-cabundle
mountPath: "/kiali-cabundle"
{{- end }}
{{- if .Values.deployment.resources }}
resources:
{{- toYaml .Values.deployment.resources | nindent 10 }}
{{- end }}
volumes:
{{- if .Values.web_root_override }}
- name: kiali-console
configMap:
name: kiali-console
items:
- key: env.js
path: env.js
{{- end }}
- name: {{ include "kiali-server.fullname" . }}-configuration
configMap:
name: {{ include "kiali-server.fullname" . }}
- name: {{ include "kiali-server.fullname" . }}-cert
secret:
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
secretName: {{ include "kiali-server.fullname" . }}-cert-secret
{{- else }}
secretName: istio.{{ include "kiali-server.fullname" . }}-service-account
{{- end }}
{{- if not (include "kiali-server.identity.cert_file" .) }}
optional: true
{{- end }}
- name: {{ include "kiali-server.fullname" . }}-secret
secret:
secretName: {{ .Values.deployment.secret_name }}
optional: true
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
- name: {{ include "kiali-server.fullname" . }}-cabundle
configMap:
name: {{ include "kiali-server.fullname" . }}-cabundle
{{- end }}
{{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }}
affinity:
{{- if .Values.deployment.affinity.node }}
nodeAffinity:
{{- toYaml .Values.deployment.affinity.node | nindent 10 }}
{{- end }}
{{- if .Values.deployment.affinity.pod }}
podAffinity:
{{- toYaml .Values.deployment.affinity.pod | nindent 10 }}
{{- end }}
{{- if .Values.deployment.affinity.pod_anti }}
podAntiAffinity:
{{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }}
{{- end }}
{{- end }}
{{- if .Values.deployment.tolerations }}
tolerations:
{{- toYaml .Values.deployment.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.deployment.node_selector }}
nodeSelector:
{{- toYaml .Values.deployment.node_selector | nindent 8 }}
{{- end }}
...
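
Review bot: the outer affinity guard reads `.Values.deployment.pod` and `.Values.deployment.pod_anti`, but values.yaml and the inner `if` blocks use `.Values.deployment.affinity.pod` and `.Values.deployment.affinity.pod_anti`, so a release that sets only pod affinity or pod anti-affinity renders no `affinity:` block at all. Point the `or` at the `affinity.*` keys. Separately, the container carries no `securityContext`; the chart's own PodSecurityPolicy demands non-root and no privilege escalation, so stating `runAsNonRoot: true` and `allowPrivilegeEscalation: false` here would keep the pod hardened when `pspEnabled` is false.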

View File

@ -0,0 +1,17 @@
{{- if .Values.deployment.hpa.spec }}
---
apiVersion: {{ .Values.deployment.hpa.api_version }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "kiali-server.fullname" . }}
{{- toYaml .Values.deployment.hpa.spec | nindent 2 }}
...
{{- end }}
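
Review bot: when `deployment.hpa.spec` is set, the Deployment template in this commit still renders `replicas: {{ .Values.deployment.replicas }}` unconditionally, so each `helm upgrade` resets the replica count the autoscaler chose. Omit `replicas` from the Deployment when an HPA spec is present. The `api_version` default of `autoscaling/v2beta2` also deserves a comment in values.yaml saying which cluster versions serve it.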

View File

@ -0,0 +1,40 @@
{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }}
{{- if .Values.deployment.ingress_enabled }}
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
annotations:
{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}
{{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }}
{{- else }}
# For ingress-nginx versions older than 0.20.0 use secure-backends.
# (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948)
# For ingress-nginx versions 0.20.0 and later use backend-protocol.
{{- if (include "kiali-server.identity.cert_file" .) }}
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
{{- else }}
nginx.ingress.kubernetes.io/secure-backends: "false"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
{{- end }}
{{- end }}
spec:
{{- if hasKey .Values.deployment.override_ingress_yaml "spec" }}
{{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }}
{{- else }}
rules:
- http:
paths:
- path: {{ include "kiali-server.server.web_root" . }}
backend:
serviceName: {{ include "kiali-server.fullname" . }}
servicePort: {{ .Values.server.port }}
{{- end }}
...
{{- end }}
{{- end }}
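
Review bot: `networking.k8s.io/v1beta1` with `serviceName`/`servicePort` is the deprecated Ingress schema and is no longer served from Kubernetes 1.22 onward; branch on `.Capabilities.APIVersions.Has "networking.k8s.io/v1"` and emit the `service.name`/`service.port.number` backend with a `pathType` when it is available. Also worth a comment: supplying `override_ingress_yaml.metadata.annotations` drops the `backend-protocol` annotation entirely, so an override on a Kiali that serves TLS has to repeat it.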

View File

@ -0,0 +1,17 @@
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
{{- if .Values.kiali_route_url }}
---
apiVersion: oauth.openshift.io/v1
kind: OAuthClient
metadata:
name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
redirectURIs:
- {{ .Values.kiali_route_url }}
grantMethod: auto
allowAnyScope: true
...
{{- end }}
{{- end }}

View File

@ -0,0 +1,67 @@
{{- if .Values.global.rbac.pspEnabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "kiali-server.fullname" . }}-psp
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "kiali-server.fullname" . }}-psp
subjects:
- kind: ServiceAccount
name: kiali
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "kiali-server.fullname" . }}-psp
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- policy
resourceNames:
- {{ include "kiali-server.fullname" . }}-psp
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "kiali-server.fullname" . }}-psp
namespace: {{ .Release.Namespace }}
spec:
allowPrivilegeEscalation: false
forbiddenSysctls:
- '*'
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
requiredDropCapabilities:
- ALL
runAsUser:
rule: MustRunAsNonRoot
runAsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
{{- end }}
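
Review bot: the RoleBinding subject is hard-coded as `name: kiali`, while the other bindings in this chart use `{{ include "kiali-server.fullname" . }}`. It matches today only because values.yaml sets `fullnameOverride: "kiali"`; with any other name the service account never receives `use` on the policy. PodSecurityPolicy is also cluster-scoped, so `metadata.namespace` on it has no effect and the `-psp` name can collide between two installs in different namespaces; consider putting the release namespace in the name.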

View File

@ -0,0 +1,15 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "kiali-server.fullname" . }}-controlplane
namespace: {{ include "kiali-server.istio_namespace" . }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources:
- secrets
verbs:
- list
...
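
Review bot: `list` on `secrets` returns the full contents of every secret in the Istio control-plane namespace, not only their names, so this rule is effectively read access to all of them. Add a comment naming the secrets Kiali needs from that namespace and why `get` with `resourceNames` is not enough, so the grant can be audited later.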

View File

@ -0,0 +1,97 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "kiali-server.fullname" . }}-viewer
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources:
- configmaps
- endpoints
- namespaces
- nodes
- pods
- pods/log
- pods/proxy
- replicationcontrollers
- services
verbs:
- get
- list
- watch
- apiGroups: [""]
resources:
- pods/portforward
verbs:
- create
- post
- apiGroups: ["extensions", "apps"]
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- get
- list
- watch
- apiGroups: ["autoscaling"]
resources:
- horizontalpodautoscalers
verbs:
- get
- list
- watch
- apiGroups: ["batch"]
resources:
- cronjobs
- jobs
verbs:
- get
- list
- watch
- apiGroups:
- networking.istio.io
- security.istio.io
resources: ["*"]
verbs:
- get
- list
- watch
- apiGroups: ["apps.openshift.io"]
resources:
- deploymentconfigs
verbs:
- get
- list
- watch
- apiGroups: ["project.openshift.io"]
resources:
- projects
verbs:
- get
- apiGroups: ["route.openshift.io"]
resources:
- routes
verbs:
- get
- apiGroups: ["monitoring.kiali.io"]
resources:
- monitoringdashboards
verbs:
- get
- list
- apiGroups: ["iter8.tools"]
resources:
- experiments
verbs:
- get
- list
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs:
- create
...
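
Review bot: the role that `view_only_mode` selects still grants `create` on `pods/portforward` and `get` on `pods/proxy` in every namespace, which goes beyond read-only because both open a network path into any pod. If Kiali needs them in view-only mode, say so in a comment; otherwise drop them from the viewer role. The `post` verb in the same rule is not one RBAC matches for resource requests (an HTTP POST is authorized as `create`), so it can be removed.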

View File

@ -0,0 +1,108 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "kiali-server.fullname" . }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources:
- configmaps
- endpoints
- namespaces
- nodes
- pods
- pods/log
- pods/proxy
- replicationcontrollers
- services
verbs:
- get
- list
- patch
- watch
- apiGroups: [""]
resources:
- pods/portforward
verbs:
- create
- post
- apiGroups: ["extensions", "apps"]
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- get
- list
- patch
- watch
- apiGroups: ["autoscaling"]
resources:
- horizontalpodautoscalers
verbs:
- get
- list
- watch
- apiGroups: ["batch"]
resources:
- cronjobs
- jobs
verbs:
- get
- list
- patch
- watch
- apiGroups:
- networking.istio.io
- security.istio.io
resources: ["*"]
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups: ["apps.openshift.io"]
resources:
- deploymentconfigs
verbs:
- get
- list
- patch
- watch
- apiGroups: ["project.openshift.io"]
resources:
- projects
verbs:
- get
- apiGroups: ["route.openshift.io"]
resources:
- routes
verbs:
- get
- apiGroups: ["monitoring.kiali.io"]
resources:
- monitoringdashboards
verbs:
- get
- list
- apiGroups: ["iter8.tools"]
resources:
- experiments
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs:
- create
...
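
Review bot: `resources: ["*"]` with `create`, `delete` and `patch` on `networking.istio.io` and `security.istio.io` lets the Kiali service account rewrite any routing or mesh security object in the cluster, and the ClusterRoleBinding in this commit selects this role by default because `view_only_mode` is false. List the resource kinds Kiali actually edits instead of the wildcard. As in the viewer role, the `post` verb on `pods/portforward` is not matched by RBAC for resource requests and can go.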

View File

@ -0,0 +1,17 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "kiali-server.fullname" . }}-controlplane
namespace: {{ include "kiali-server.istio_namespace" . }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "kiali-server.fullname" . }}-controlplane
subjects:
- kind: ServiceAccount
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
...

View File

@ -0,0 +1,20 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "kiali-server.fullname" . }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
{{- if .Values.deployment.view_only_mode }}
name: {{ include "kiali-server.fullname" . }}-viewer
{{- else }}
name: {{ include "kiali-server.fullname" . }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
...

View File

@ -0,0 +1,30 @@
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
{{- if .Values.deployment.ingress_enabled }}
# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}
annotations:
{{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }}
{{- end }}
spec:
{{- if hasKey .Values.deployment.override_ingress_yaml "spec" }}
{{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }}
{{- else }}
tls:
termination: reencrypt
insecureEdgeTerminationPolicy: Redirect
to:
kind: Service
targetPort: {{ .Values.server.port }}
name: {{ include "kiali-server.fullname" . }}
{{- end }}
...
{{- end }}
{{- end }}
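
Review bot: the `hasKey` line under `labels:` ends in `}}}`. The third brace is literal text inside the `if` body, so whenever `override_ingress_yaml.metadata.annotations` is supplied a stray `}` is rendered ahead of `annotations:` and the manifest no longer parses. Close the action with `}}`.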

View File

@ -0,0 +1,47 @@
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
annotations:
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret
{{- end }}
kiali.io/api-spec: https://kiali.io/api
kiali.io/api-type: rest
{{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }}
{{- if empty .Values.server.web_port }}
kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }}
{{- else }}
kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }}
{{- end }}
{{- end }}
{{- if .Values.deployment.service_annotations }}
{{- toYaml .Values.deployment.service_annotations | nindent 4 }}
{{- end }}
spec:
{{- if .Values.deployment.service_type }}
type: {{ .Values.deployment.service_type }}
{{- end }}
ports:
{{- if (include "kiali-server.identity.cert_file" .) }}
- name: tcp
{{- else }}
- name: http
{{- end }}
protocol: TCP
port: {{ .Values.server.port }}
{{- if .Values.server.metrics_enabled }}
- name: http-metrics
protocol: TCP
port: {{ .Values.server.metrics_port }}
{{- end }}
selector:
{{- include "kiali-server.selectorLabels" . | nindent 4 }}
{{- if .Values.deployment.additional_service_yaml }}
{{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }}
{{- end }}
...

View File

@ -0,0 +1,9 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
...

View File

@ -0,0 +1,14 @@
#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
# {{- $found := dict -}}
# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}}
# {{- range .Capabilities.APIVersions -}}
# {{- if hasKey $found (toString .) -}}
# {{- set $found (toString .) true -}}
# {{- end -}}
# {{- end -}}
# {{- range $_, $exists := $found -}}
# {{- if (eq $exists false) -}}
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
# {{- end -}}
# {{- end -}}
#{{- end -}}
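
Review bot: this file needs a header comment explaining that the leading `#` does not disable the check. Helm evaluates the `{{ }}` actions regardless of YAML comments, so `required` still aborts the install when `monitoring.kiali.io/v1alpha1/MonitoringDashboard` is absent; the `#` only turns anything the actions print into a comment. The comment should also say that the outer `lookup` guard skips the check under `helm template` and `--dry-run`, where `lookup` returns an empty result.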

View File

@ -0,0 +1,12 @@
{{- if .Values.web_root_override }}
apiVersion: v1
kind: ConfigMap
metadata:
name: kiali-console
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
data:
env.js: |
window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali';
{{- end }}
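
Review bot: `WEB_ROOT` hard-codes `http:kiali:20001`, but the Service name comes from `kiali-server.fullname`, the port from `.Values.server.port`, and the probes and Ingress switch to HTTPS when `identity.cert_file` is set. Build that segment from the same values so the proxy path survives a name, port or TLS change. `global.cattle.clusterId` is empty in values.yaml, which yields `/k8s/clusters//api/...`; wrapping it in `required` would fail early instead.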

View File

@ -0,0 +1,93 @@
nameOverride: "kiali"
fullnameOverride: "kiali"
# This is required for "openshift" auth strategy.
# You have to know ahead of time what your Route URL will be because
# right now the helm chart can't figure this out at runtime (it would
# need to wait for the Kiali Route to be deployed and for OpenShift
# to start it up). If someone knows how to update this helm chart to
# do this, a PR would be welcome.
kiali_route_url: ""
# rancher specific override that allows proxy access to kiali url
web_root_override: true
#
# Settings that mimic the Kiali CR which are placed in the ConfigMap.
# Note that only those values used by the Helm Chart will be here.
#
istio_namespace: "" # default is where Kiali is installed
auth:
openid: {}
openshift: {}
strategy: ""
deployment:
# This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything.
# For more control over what the Kial Service Account can see, use the Kiali Operator
accessible_namespaces:
- "**"
additional_service_yaml: {}
affinity:
node: {}
pod: {}
pod_anti: {}
custom_dashboards:
excludes: ['']
includes: ['*']
hpa:
api_version: "autoscaling/v2beta2"
spec: {}
repository: rancher/mirrored-kiali-kiali
image_pull_policy: "Always"
image_pull_secrets: []
tag: v1.32.0
ingress_enabled: true
logger:
log_format: "text"
log_level: "info"
time_field_format: "2006-01-02T15:04:05Z07:00"
sampler_rate: "1"
node_selector: {}
override_ingress_yaml:
metadata: {}
pod_annotations: {}
pod_labels: {}
priority_class_name: ""
replicas: 1
resources: {}
secret_name: "kiali"
service_annotations: {}
service_type: ""
tolerations: []
version_label: v1.32.0
view_only_mode: false
external_services:
custom_dashboards:
enabled: true
identity: {}
#cert_file:
#private_key_file:
login_token:
signing_key: ""
server:
port: 20001
metrics_enabled: true
metrics_port: 9090
web_root: ""
# Common settings used among istio subcharts.
global:
# Specify rancher clusterId of external tracing config
# https://github.com/istio/istio.io/issues/4146#issuecomment-493543032
cattle:
systemDefaultRegistry: ""
clusterId:
rbac:
pspEnabled: false
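
Review bot: the defaults combine `ingress_enabled: true`, `view_only_mode: false` and `accessible_namespaces: ["**"]`, so an out-of-the-box install publishes an Ingress in front of a service account bound to the write-capable ClusterRole across all namespaces. Either default `view_only_mode` to true or document next to these keys what `auth.strategy: ""` and `login_token.signing_key: ""` resolve to, since neither is explained here. Minor: "Kial Service Account" in the comment should read "Kiali".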

View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@ -0,0 +1,12 @@
annotations:
catalog.cattle.io/hidden: "true"
catalog.cattle.io/os: linux
catalog.rancher.io/certified: rancher
catalog.rancher.io/namespace: istio-system
catalog.rancher.io/release-name: rancher-tracing
apiVersion: v1
appVersion: 1.20.0
description: A quick start Jaeger Tracing installation using the all-in-one demo.
This is not production qualified. Refer to https://www.jaegertracing.io/ for details.
name: tracing
version: 1.20.1
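
Review bot: the annotations mix two prefixes, `catalog.cattle.io/hidden` and `catalog.cattle.io/os` next to `catalog.rancher.io/certified`, `catalog.rancher.io/namespace` and `catalog.rancher.io/release-name`. The rancher-istio Chart.yaml in this same commit uses `catalog.cattle.io/` throughout; please confirm the `catalog.rancher.io/` keys are still read, or rename them for consistency.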

View File

@ -0,0 +1,5 @@
# Jaeger
A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices.
> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs.
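
Review bot: the Note opens with a sentence fragment ("The basic all-in-one Jaeger installation which is not qualified for production."); drop "which" so it reads as a statement. "determine which installation you will need for your production needs" can also be tightened to avoid repeating "need".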

View File

@ -0,0 +1,92 @@
{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}}
{{- define "nodeAffinity" }}
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
{{- include "nodeAffinityRequiredDuringScheduling" . }}
preferredDuringSchedulingIgnoredDuringExecution:
{{- include "nodeAffinityPreferredDuringScheduling" . }}
{{- end }}
{{- define "nodeAffinityRequiredDuringScheduling" }}
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
{{- range $key, $val := .Values.global.arch }}
{{- if gt ($val | int) 0 }}
- {{ $key | quote }}
{{- end }}
{{- end }}
{{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}}
{{- range $key, $val := $nodeSelector }}
- key: {{ $key }}
operator: In
values:
- {{ $val | quote }}
{{- end }}
{{- end }}
{{- define "nodeAffinityPreferredDuringScheduling" }}
{{- range $key, $val := .Values.global.arch }}
{{- if gt ($val | int) 0 }}
- weight: {{ $val | int }}
preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- {{ $key | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- define "podAntiAffinity" }}
{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}}
podAntiAffinity:
{{- if .Values.podAntiAffinityLabelSelector }}
requiredDuringSchedulingIgnoredDuringExecution:
{{- include "podAntiAffinityRequiredDuringScheduling" . }}
{{- end }}
{{- if or .Values.podAntiAffinityTermLabelSelector}}
preferredDuringSchedulingIgnoredDuringExecution:
{{- include "podAntiAffinityPreferredDuringScheduling" . }}
{{- end }}
{{- end }}
{{- end }}
{{- define "podAntiAffinityRequiredDuringScheduling" }}
{{- range $index, $item := .Values.podAntiAffinityLabelSelector }}
- labelSelector:
matchExpressions:
- key: {{ $item.key }}
operator: {{ $item.operator }}
{{- if $item.values }}
values:
{{- $vals := split "," $item.values }}
{{- range $i, $v := $vals }}
- {{ $v | quote }}
{{- end }}
{{- end }}
topologyKey: {{ $item.topologyKey }}
{{- end }}
{{- end }}
{{- define "podAntiAffinityPreferredDuringScheduling" }}
{{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }}
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: {{ $item.key }}
operator: {{ $item.operator }}
{{- if $item.values }}
values:
{{- $vals := split "," $item.values }}
{{- range $i, $v := $vals }}
- {{ $v | quote }}
{{- end }}
{{- end }}
topologyKey: {{ $item.topologyKey }}
weight: 100
{{- end }}
{{- end }}
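
Review bot: in `podAntiAffinity`, `{{- if or .Values.podAntiAffinityTermLabelSelector}}` calls `or` with a single operand; a plain `if` says the same thing and does not suggest that a second condition was dropped. The node selector terms also key on `beta.kubernetes.io/arch`, which is deprecated in favour of `kubernetes.io/arch`.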

View File

@ -0,0 +1,32 @@
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "tracing.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "tracing.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,86 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "tracing.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
selector:
matchLabels:
app: {{ .Values.provider }}
template:
metadata:
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
annotations:
sidecar.istio.io/inject: "false"
prometheus.io/scrape: "true"
prometheus.io/port: "14269"
{{- if .Values.jaeger.podAnnotations }}
{{ toYaml .Values.jaeger.podAnnotations | indent 8 }}
{{- end }}
spec:
containers:
- name: jaeger
image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
env:
{{- if eq .Values.jaeger.spanStorageType "badger" }}
- name: BADGER_EPHEMERAL
value: "false"
- name: SPAN_STORAGE_TYPE
value: "badger"
- name: BADGER_DIRECTORY_VALUE
value: "/badger/data"
- name: BADGER_DIRECTORY_KEY
value: "/badger/key"
{{- end }}
- name: COLLECTOR_ZIPKIN_HTTP_PORT
value: "9411"
- name: MEMORY_MAX_TRACES
value: "{{ .Values.jaeger.memory.max_traces }}"
- name: QUERY_BASE_PATH
value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }}
livenessProbe:
httpGet:
path: /
port: 14269
readinessProbe:
httpGet:
path: /
port: 14269
{{- if eq .Values.jaeger.spanStorageType "badger" }}
volumeMounts:
- name: data
mountPath: /badger
{{- end }}
resources:
{{- if .Values.jaeger.resources }}
{{ toYaml .Values.jaeger.resources | indent 12 }}
{{- else }}
{{ toYaml .Values.global.defaultResources | indent 12 }}
{{- end }}
affinity:
{{- include "nodeAffinity" . | indent 6 }}
{{- include "podAntiAffinity" . | indent 6 }}
{{- if .Values.global.rbac.pspEnabled }}
securityContext:
runAsNonRoot: true
runAsUser: 1000
serviceAccountName: {{ include "tracing.fullname" . }}
{{- end }}
{{- if eq .Values.jaeger.spanStorageType "badger" }}
volumes:
- name: data
{{- if .Values.jaeger.persistentVolumeClaim.enabled }}
persistentVolumeClaim:
claimName: istio-jaeger-pvc
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
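
Review bot: `securityContext` is emitted only when `global.rbac.pspEnabled` is true, so on clusters without PSP the Jaeger pod runs as whatever user the image defaults to. Set `runAsNonRoot: true` and `runAsUser: 1000` unconditionally and keep only `serviceAccountName` behind the flag. The `QUERY_BASE_PATH` value is also rendered unquoted with spaces around it; piping it through `quote` would make it robust.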

View File

@ -0,0 +1,86 @@
{{- if .Values.global.rbac.pspEnabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "tracing.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "tracing.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "tracing.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "tracing.fullname" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "tracing.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
rules:
- apiGroups:
- policy
resourceNames:
- {{ include "tracing.fullname" . }}
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "tracing.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
allowPrivilegeEscalation: false
forbiddenSysctls:
- '*'
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
requiredDropCapabilities:
- ALL
runAsUser:
rule: MustRunAsNonRoot
runAsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- emptyDir
- secret
- persistentVolumeClaim
{{- end }}
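Review bot: the `PodSecurityPolicy` sets `metadata.namespace: {{ .Release.Namespace }}`, but PodSecurityPolicy is a cluster-scoped kind, so the field has no effect and the policy name `{{ include "tracing.fullname" . }}` has to be unique across the whole cluster. Drop the `namespace` line from the PSP and consider adding the release namespace to the PSP name, so that two installs in different namespaces cannot overwrite each other's policy. The `Role` already pins `resourceNames` to this one policy, which is good and should stay.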

View File

@ -0,0 +1,16 @@
{{- if .Values.jaeger.persistentVolumeClaim.enabled }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: istio-jaeger-pvc
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
spec:
storageClassName: {{ .Values.jaeger.storageClassName }}
accessModes:
- {{ .Values.jaeger.accessMode }}
resources:
requests:
storage: {{.Values.jaeger.persistentVolumeClaim.storage }}
{{- end }}

View File

@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: tracing
namespace: {{ .Release.Namespace }}
annotations:
{{- range $key, $val := .Values.service.annotations }}
{{ $key }}: {{ $val | quote }}
{{- end }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.service.type }}
ports:
- name: {{ .Values.service.name }}
port: {{ .Values.service.externalPort }}
protocol: TCP
targetPort: 16686
selector:
app: {{ .Values.provider }}
---
# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin.
apiVersion: v1
kind: Service
metadata:
name: zipkin
namespace: {{ .Release.Namespace }}
labels:
name: zipkin
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
ports:
- name: {{ .Values.service.name }}
port: {{ .Values.zipkin.queryPort }}
targetPort: {{ .Values.zipkin.queryPort }}
selector:
app: {{ .Values.provider }}
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-collector
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: ClusterIP
ports:
- name: jaeger-collector-http
port: 14268
targetPort: 14268
protocol: TCP
- name: jaeger-collector-grpc
port: 14250
targetPort: 14250
protocol: TCP
selector:
app: {{ .Values.provider }}

View File

@ -0,0 +1,44 @@
provider: jaeger
contextPath: ""
nodeSelector: {}
podAntiAffinityLabelSelector: []
podAntiAffinityTermLabelSelector: []
nameOverride: ""
fullnameOverride: ""
global:
cattle:
systemDefaultRegistry: ""
defaultResources: {}
imagePullPolicy: IfNotPresent
imagePullSecrets: []
arch:
amd64: 2
s390x: 2
ppc64le: 2
defaultNodeSelector: {}
rbac:
pspEnabled: false
jaeger:
repository: rancher/mirrored-jaegertracing-all-in-one
tag: 1.20.0
# spanStorageType value can be "memory" and "badger" for all-in-one image
spanStorageType: badger
resources:
requests:
cpu: 10m
persistentVolumeClaim:
enabled: false
storage: 5Gi
storageClassName: ""
accessMode: ReadWriteMany
memory:
max_traces: 50000
zipkin:
queryPort: 9411
service:
annotations: {}
name: http-query
type: ClusterIP
externalPort: 16686

View File

@ -0,0 +1,82 @@
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
components:
base:
enabled: {{ .Values.base.enabled }}
cni:
enabled: {{ .Values.cni.enabled }}
egressGateways:
- enabled: {{ .Values.egressGateways.enabled }}
name: istio-egressgateway
ingressGateways:
- enabled: {{ .Values.ingressGateways.enabled }}
name: istio-ingressgateway
k8s:
service:
ports:
- name: status-port
port: 15021
targetPort: 15021
- name: http2
port: 80
targetPort: 8080
nodePort: 31380
- name: https
port: 443
targetPort: 8443
nodePort: 31390
- name: tcp
port: 31400
targetPort: 31400
nodePort: 31400
- name: tls
port: 15443
targetPort: 15443
istiodRemote:
enabled: {{ .Values.istiodRemote.enabled }}
pilot:
enabled: {{ .Values.pilot.enabled }}
hub: {{ .Values.systemDefaultRegistry | default "docker.io" }}
profile: default
tag: {{ .Values.tag }}
revision: {{ .Values.revision }}
meshConfig:
defaultConfig:
proxyMetadata:
{{- if .Values.dns.enabled }}
ISTIO_META_DNS_CAPTURE: "true"
{{- end }}
values:
gateways:
istio-egressgateway:
name: istio-egressgateway
type: {{ .Values.egressGateways.type }}
istio-ingressgateway:
name: istio-ingressgateway
type: {{ .Values.ingressGateways.type }}
global:
istioNamespace: {{ template "istio.namespace" . }}
proxy:
image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}
proxy_init:
image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}
{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
defaultPodDisruptionBudget:
enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }}
{{- end }}
{{- if .Values.pilot.enabled }}
pilot:
image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }}
{{- end }}
telemetry:
enabled: {{ .Values.telemetry.enabled }}
v2:
enabled: {{ .Values.telemetry.v2.enabled }}
{{- if .Values.cni.enabled }}
cni:
image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }}
excludeNamespaces:
{{- toYaml .Values.cni.excludeNamespaces | nindent 8 }}
logLevel: {{ .Values.cni.logLevel }}
{{- end }}
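Review bot: `hub: {{ .Values.systemDefaultRegistry | default "docker.io" }}` reads a top-level `systemDefaultRegistry` value, while this chart's values file defines the registry only under `global.cattle.systemDefaultRegistry`, which is what the `system_default_registry` helper used for every `image:` in this same file reads. As written, `hub` always falls back to `docker.io`, so any component image resolved through `hub` and `tag` rather than an explicit `image:` bypasses a configured private registry. Use `.Values.global.cattle.systemDefaultRegistry` here as well. Separately, `revision: {{ .Values.revision }}` has no matching key in the values file added by this commit, so either add the key with a documented default or wrap the line in an `if`.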

View File

@ -0,0 +1,7 @@
dependencies:
- condition: kiali.enabled
name: kiali
repository: file://./charts/kiali
- condition: tracing.enabled
name: tracing
repository: file://./charts/tracing

View File

@ -0,0 +1,37 @@
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
components:
ingressGateways:
- enabled: true
name: ilb-gateway
namespace: user-ingressgateway-ns
k8s:
resources:
requests:
cpu: 200m
service:
ports:
- name: tcp-citadel-grpc-tls
port: 8060
targetPort: 8060
- name: tcp-dns
port: 5353
serviceAnnotations:
cloud.google.com/load-balancer-type: internal
- enabled: true
name: other-gateway
namespace: cattle-istio-system
k8s:
resources:
requests:
cpu: 200m
service:
ports:
- name: tcp-citadel-grpc-tls
port: 8060
targetPort: 8060
- name: tcp-dns
port: 5353
serviceAnnotations:
cloud.google.com/load-balancer-type: internal

View File

@ -0,0 +1,12 @@
{{/* Ensure namespace is set the same everywhere */}}
{{- define "istio.namespace" -}}
{{- .Release.Namespace | default "istio-system" -}}
{{- end -}}
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,43 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: istio-admin
namespace: {{ template "istio.namespace" . }}
rules:
- apiGroups:
- config.istio.io
resources:
- adapters
- attributemanifests
- handlers
- httpapispecbindings
- httpapispecs
- instances
- quotaspecbindings
- quotaspecs
- rules
- templates
verbs: ["get", "watch", "list"]
- apiGroups:
- networking.istio.io
resources:
- destinationrules
- envoyfilters
- gateways
- serviceentries
- sidecars
- virtualservices
- workloadentries
verbs:
- '*'
- apiGroups:
- security.istio.io
resources:
- authorizationpolicies
- peerauthentications
- requestauthentications
verbs:
- '*'
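Review bot: `metadata.namespace` is set on a `ClusterRole`, which is cluster-scoped, so the line is ignored and only suggests a scoping that does not exist. Remove it here and in the matching `istio-edit` and `istio-view` roles. Also note that the rules in this role are the same as the ones in `istio-edit`, so if the two are meant to differ, the difference is missing from this hunk.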

View File

@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-installer-base
namespace: {{ template "istio.namespace" . }}
data:
{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}

View File

@ -0,0 +1,120 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: istio-installer
rules:
# istio groups
- apiGroups:
- authentication.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- config.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- install.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- networking.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- rbac.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- security.istio.io
resources:
- '*'
verbs:
- '*'
# k8s groups
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions.apiextensions.k8s.io
- customresourcedefinitions
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- daemonsets
- deployments
- deployments/finalizers
- ingresses
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
verbs:
- '*'
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- events
- namespaces
- pods
- pods/exec
- persistentvolumeclaims
- secrets
- services
- serviceaccounts
verbs:
- '*'
- apiGroups:
- policy
resourceNames:
- istio-installer
resources:
- podsecuritypolicies
verbs:
- use
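Review bot: the `rbac.authorization.k8s.io` rule grants `'*'` on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, which includes the `bind` and `escalate` verbs, and the core-group rule grants `'*'` on `secrets` and `pods/exec` cluster-wide. Together these make the `istio-installer` service account equivalent to cluster-admin for as long as the release exists, not only while the install Job runs. Replace the wildcards with the explicit verbs the installer scripts need, drop `pods/exec` unless a script actually execs into pods, and document why `secrets` needs more than create/get/update. The `customresourcedefinitions.apiextensions.k8s.io` entry under `resources` duplicates `customresourcedefinitions` and can go.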

View File

@ -0,0 +1,12 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: istio-installer
subjects:
- kind: ServiceAccount
name: istio-installer
namespace: {{ template "istio.namespace" . }}
roleRef:
kind: ClusterRole
name: istio-installer
apiGroup: rbac.authorization.k8s.io

View File

@ -0,0 +1,43 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
namespace: {{ template "istio.namespace" . }}
name: istio-edit
rules:
- apiGroups:
- config.istio.io
resources:
- adapters
- attributemanifests
- handlers
- httpapispecbindings
- httpapispecs
- instances
- quotaspecbindings
- quotaspecs
- rules
- templates
verbs: ["get", "watch", "list"]
- apiGroups:
- networking.istio.io
resources:
- destinationrules
- envoyfilters
- gateways
- serviceentries
- sidecars
- virtualservices
- workloadentries
verbs:
- '*'
- apiGroups:
- security.istio.io
resources:
- authorizationpolicies
- peerauthentications
- requestauthentications
verbs:
- '*'
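Review bot: this role is labelled `aggregate-to-edit` yet grants `'*'` on `envoyfilters` and on every `security.istio.io` policy kind (`authorizationpolicies`, `peerauthentications`, `requestauthentications`), the same rules as `istio-admin`. Any subject bound to the built-in `edit` role in a namespace can then delete or rewrite the mesh authorization and mTLS policy for that namespace and inject Envoy filters. If that is not intended for editors, limit the `security.istio.io` group and `envoyfilters` to `get`, `watch`, `list` here and keep write access in `istio-admin` only.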

View File

@ -0,0 +1,51 @@
{{- if .Values.global.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: psp-istio-cni
namespace: {{ template "istio.namespace" . }}
spec:
allowPrivilegeEscalation: true
fsGroup:
rule: RunAsAny
hostNetwork: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- secret
- configMap
- emptyDir
- hostPath
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: psp-istio-cni
namespace: {{ template "istio.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: psp-istio-cni
subjects:
- kind: ServiceAccount
name: istio-cni
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: psp-istio-cni
namespace: {{ template "istio.namespace" . }}
rules:
- apiGroups:
- policy
resourceNames:
- psp-istio-cni
resources:
- podsecuritypolicies
verbs:
- use
{{- end }}
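Review bot: the `volumes` list allows `hostPath` without an `allowedHostPaths` restriction, so any pod admitted under `psp-istio-cni` may mount any directory of the node, in addition to `hostNetwork: true`, `allowPrivilegeEscalation: true` and `RunAsAny` for every user and group rule. Add `allowedHostPaths` limited to the directories the CNI installer writes to. The whole file is also gated only on `.Values.global.rbac.pspEnabled`, so this permissive policy and its binding are created even when `cni.enabled` is `false`, which is the default in the values file. Gate it on both flags.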

View File

@ -0,0 +1,50 @@
apiVersion: batch/v1
kind: Job
metadata:
name: istioctl-installer
namespace: {{ template "istio.namespace" . }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
backoffLimit: 1
template:
spec:
containers:
- name: istioctl-installer
image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
env:
- name: RELEASE_NAME
value: {{ .Release.Name }}
- name: ISTIO_NAMESPACE
value: {{ template "istio.namespace" . }}
- name: FORCE_INSTALL
value: {{ .Values.forceInstall | default "false" | quote }}
command: ["/bin/sh","-c"]
args: ["/usr/local/app/scripts/run.sh"]
volumeMounts:
- name: config-volume
mountPath: /app/istio-base.yaml
subPath: istio-base.yaml
{{- if .Values.overlayFile }}
- name: overlay-volume
mountPath: /app/overlay-config.yaml
subPath: overlay-config.yaml
{{- end }}
volumes:
- name: config-volume
configMap:
name: istio-installer-base
{{- if .Values.overlayFile }}
- name: overlay-volume
configMap:
name: istio-installer-overlay
{{- end }}
serviceAccountName: istio-installer
{{- if .Values.global.rbac.pspEnabled }}
securityContext:
runAsUser: 101
runAsGroup: 101
{{- end }}
restartPolicy: Never
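Review bot: `securityContext` (`runAsUser: 101`, `runAsGroup: 101`) is rendered only when `.Values.global.rbac.pspEnabled` is true, while the uninstaller Job in this same commit sets the identical block unconditionally. With the default `pspEnabled: false` the install Job runs as the image's default user while holding the very broad `istio-installer` ClusterRole. Make the block unconditional to match the uninstaller, and add `runAsNonRoot: true` so the intent is enforced rather than implied by the UID.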

View File

@ -0,0 +1,30 @@
{{- if .Values.global.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: istio-installer
namespace: {{ template "istio.namespace" . }}
spec:
privileged: false
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'MustRunAsNonRoot'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: false
volumes:
- 'configMap'
- 'secret'
{{- end }}
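Review bot: this policy omits `allowPrivilegeEscalation: false` and `requiredDropCapabilities: [ALL]`, both of which the `istio-psp` policy added in this commit sets, and it leaves `readOnlyRootFilesystem: false`. The installer Job only mounts two ConfigMaps and runs a script, so it should be at least as constrained as the workload policy. Add the two missing fields, and drop `metadata.namespace`, which has no meaning on a cluster-scoped PodSecurityPolicy.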

View File

@ -0,0 +1,81 @@
{{- if .Values.global.rbac.pspEnabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: istio-psp
namespace: {{ template "istio.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: istio-psp
subjects:
- kind: ServiceAccount
name: istio-egressgateway-service-account
- kind: ServiceAccount
name: istio-ingressgateway-service-account
- kind: ServiceAccount
name: istio-mixer-service-account
- kind: ServiceAccount
name: istio-operator-authproxy
- kind: ServiceAccount
name: istiod-service-account
- kind: ServiceAccount
name: istio-sidecar-injector-service-account
- kind: ServiceAccount
name: istiocoredns-service-account
- kind: ServiceAccount
name: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: istio-psp
namespace: {{ template "istio.namespace" . }}
rules:
- apiGroups:
- policy
resourceNames:
- istio-psp
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: istio-psp
namespace: {{ template "istio.namespace" . }}
spec:
allowPrivilegeEscalation: false
forbiddenSysctls:
- '*'
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
requiredDropCapabilities:
- ALL
runAsUser:
rule: MustRunAsNonRoot
runAsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
{{- end }}

View File

@ -0,0 +1,45 @@
apiVersion: batch/v1
kind: Job
metadata:
name: istioctl-uninstaller
namespace: {{ template "istio.namespace" . }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
spec:
containers:
- name: istioctl-uninstaller
image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
env:
- name: RELEASE_NAME
value: {{ .Release.Name }}
- name: ISTIO_NAMESPACE
value: {{ template "istio.namespace" . }}
command: ["/bin/sh","-c"]
args: ["/usr/local/app/scripts/uninstall_istio_system.sh"]
volumeMounts:
- name: config-volume
mountPath: /app/istio-base.yaml
subPath: istio-base.yaml
{{- if .Values.overlayFile }}
- name: overlay-volume
mountPath: /app/overlay-config.yaml
subPath: overlay-config.yaml
{{ end }}
volumes:
- name: config-volume
configMap:
name: istio-installer-base
{{- if .Values.overlayFile }}
- name: overlay-volume
configMap:
name: istio-installer-overlay
{{ end }}
serviceAccountName: istio-installer
securityContext:
runAsUser: 101
runAsGroup: 101
restartPolicy: OnFailure
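Review bot: the Job spec has no `backoffLimit` or `activeDeadlineSeconds`, unlike the installer Job, which sets `backoffLimit: 1`. Combined with `restartPolicy: OnFailure` on a `pre-delete` hook, a failing uninstall script is retried up to the Kubernetes default before the hook reports failure, and the release deletion waits on it the whole time. Set an explicit `backoffLimit` and a deadline. The two `{{ end }}` actions also lack the `-` trim used in the installer Job, which leaves stray blank lines in the rendered manifest.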

View File

@ -0,0 +1,9 @@
{{- if .Values.overlayFile }}
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-installer-overlay
namespace: {{ template "istio.namespace" . }}
data:
overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }}
{{- end }}

View File

@ -0,0 +1,51 @@
{{- if .Values.kiali.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: envoy-stats-monitor
namespace: {{ template "istio.namespace" . }}
labels:
monitoring: istio-proxies
spec:
selector:
matchExpressions:
- {key: istio-prometheus-ignore, operator: DoesNotExist}
namespaceSelector:
any: true
jobLabel: envoy-stats
endpoints:
- path: /stats/prometheus
targetPort: 15090
interval: 15s
relabelings:
- sourceLabels: [__meta_kubernetes_pod_container_port_name]
action: keep
regex: '.*-envoy-prom'
- action: labeldrop
regex: "__meta_kubernetes_pod_label_(.+)"
- sourceLabels: [__meta_kubernetes_namespace]
action: replace
targetLabel: namespace
- sourceLabels: [__meta_kubernetes_pod_name]
action: replace
targetLabel: pod_name
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: istio-component-monitor
namespace: {{ template "istio.namespace" . }}
labels:
monitoring: istio-components
spec:
jobLabel: istio
targetLabels: [app]
selector:
matchExpressions:
- {key: istio, operator: In, values: [pilot]}
namespaceSelector:
any: true
endpoints:
- port: http-monitoring
interval: 15s
{{- end -}}

View File

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: istio-installer
namespace: {{ template "istio.namespace" . }}

View File

@ -0,0 +1,41 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
namespace: {{ template "istio.namespace" . }}
name: istio-view
rules:
- apiGroups:
- config.istio.io
resources:
- adapters
- attributemanifests
- handlers
- httpapispecbindings
- httpapispecs
- instances
- quotaspecbindings
- quotaspecs
- rules
- templates
verbs: ["get", "watch", "list"]
- apiGroups:
- networking.istio.io
resources:
- destinationrules
- envoyfilters
- gateways
- serviceentries
- sidecars
- virtualservices
- workloadentries
verbs: ["get", "watch", "list"]
- apiGroups:
- security.istio.io
resources:
- authorizationpolicies
- peerauthentications
- requestauthentications
verbs: ["get", "watch", "list"]

View File

@ -0,0 +1,85 @@
overlayFile: ""
tag: 1.9.6
##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install
forceInstall: false
installer:
repository: rancher/istio-installer
tag: 1.9.6-rancher1
##Native support for dns added in 1.8
dns:
enabled: false
base:
enabled: true
cni:
enabled: false
repository: rancher/mirrored-istio-install-cni
tag: 1.9.6
logLevel: info
excludeNamespaces:
- istio-system
- kube-system
egressGateways:
enabled: false
type: NodePort
ingressGateways:
enabled: true
type: NodePort
istiodRemote:
enabled: false
pilot:
enabled: true
repository: rancher/mirrored-istio-pilot
tag: 1.9.6
telemetry:
enabled: true
v2:
enabled: true
global:
cattle:
systemDefaultRegistry: ""
proxy:
repository: rancher/mirrored-istio-proxyv2
tag: 1.9.6
proxy_init:
repository: rancher/mirrored-istio-proxyv2
tag: 1.9.6
defaultPodDisruptionBudget:
enabled: true
rbac:
pspEnabled: false
# Kiali subchart from rancher-kiali-server
kiali:
enabled: true
auth:
strategy: anonymous
deployment:
ingress_enabled: false
repository: rancher/mirrored-kiali-kiali
tag: v1.32.0
external_services:
prometheus:
custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090"
url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090"
tracing:
in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger"
grafana:
in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80"
url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80"
tracing:
enabled: false
contextPath: "/jaeger"
jaeger:
repository: rancher/mirrored-jaegertracing-all-in-one
tag: 1.20.0
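Review bot: `kiali.auth.strategy` defaults to `anonymous`, so the Kiali dashboard, which the chart README describes as a way to view and manage the mesh, is served without any login to whoever can reach the Service. Either default to an authenticated strategy or state next to this key which component is expected to enforce access in front of Kiali. Two smaller points in the same file: `kiali.external_services.tracing.in_cluster_url` hardcodes `istio-system` although the templates take the namespace from `.Release.Namespace`, and `global.rbac.pspEnabled: false` is the switch that currently also turns off the non-root `securityContext` in the installer Job.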

View File

@ -0,0 +1,11 @@
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
catalog.cattle.io/namespace: cattle-system
catalog.cattle.io/os: linux
catalog.cattle.io/release-name: rancher-webhook
apiVersion: v2
appVersion: 0.1.1
description: ValidatingAdmissionWebhook for Rancher types
name: rancher-webhook
version: 0.1.100+up0.1.1

View File

@ -0,0 +1,7 @@
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,26 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: rancher-webhook
spec:
selector:
matchLabels:
app: rancher-webhook
template:
metadata:
labels:
app: rancher-webhook
spec:
containers:
- env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
name: rancher-webhook
imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
ports:
- name: https
containerPort: 9443
serviceAccountName: rancher-webhook
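Review bot: the `rancher-webhook` container is defined with no `securityContext`, no `resources` and no readiness probe, and its service account is bound to `cluster-admin` in this same commit. For a pod holding that level of access, set `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and a dropped capability set at minimum, and add a readiness probe on the `https` port so that the Service does not route admission requests to a pod that is not yet serving.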

View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rancher-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: rancher-webhook
namespace: {{.Release.Namespace}}
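Review bot: `roleRef` binds the `rancher-webhook` service account to the built-in `cluster-admin` ClusterRole. A validating admission webhook only needs to read the objects it validates and manage its own webhook configuration and serving certificate, so a compromise of this pod should not hand over the whole cluster. Replace the binding with a dedicated ClusterRole that lists the API groups, resources and verbs the webhook actually uses, and note in the chart why each one is required.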

View File

@ -0,0 +1,13 @@
kind: Service
apiVersion: v1
metadata:
name: rancher-webhook
namespace: cattle-system
spec:
ports:
- port: 443
targetPort: 9443
protocol: TCP
name: https
selector:
app: rancher-webhook
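Review bot: `metadata.namespace` is hardcoded to `cattle-system` here (and in the webhook's `clientConfig`), whereas the ClusterRoleBinding subject uses `{{.Release.Namespace}}` and the Deployment and ServiceAccount carry no namespace at all. If the chart is ever installed into another namespace, the Service lands in `cattle-system`, its selector matches no pods, and the API server's webhook calls fail silently because of `failurePolicy: Ignore`. Use `{{ .Release.Namespace }}` consistently, or fail the render when the release namespace is not `cattle-system`.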

View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: rancher-webhook

View File

@ -0,0 +1,19 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: rancher.cattle.io
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: rancher-webhook
namespace: cattle-system
path: /v1/webhook/validation
port: 443
failurePolicy: Ignore
matchPolicy: Equivalent
name: rancher.cattle.io
sideEffects: None
timeoutSeconds: 10
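Review bot: `failurePolicy: Ignore` makes this validation fail open, so whenever the webhook pod is down, unreachable or slower than `timeoutSeconds: 10`, requests are admitted without being validated. If the checks are security-relevant, use `Fail` with a narrow scope, or document that the webhook is advisory. The entry also has no `rules` and no `caBundle`, so as shipped it matches nothing and cannot be verified over TLS. If the webhook fills these in at runtime, say so in a comment, because that runtime patching is presumably what the broad RBAC is for.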

View File

@ -0,0 +1,8 @@
image:
repository: rancher/rancher-webhook
tag: v0.1.1
imagePullPolicy: IfNotPresent
global:
cattle:
systemDefaultRegistry: ""