andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1600 from brendarearden/rm-istio-v1.10.4 

Remove 100.0.3+up1.10.4 in favor of 100.1.0+up1.11.4
pull/1606/head
Brenda Rearden 2021-11-09 09:51:53 -07:00 committed by GitHub
parent 52bfac95c7 9489802e5b
commit de3bceabbb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
75 changed files with 0 additions and 3465 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/rancher-istio/rancher-istio-100.0.3+up1.10.4.tgz
View File

Binary file not shown.

23
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/Chart.yaml
View File

@ -1,23 +0,0 @@
annotations:
catalog.cattle.io/auto-install: rancher-kiali-server-crd=100.0.0+up1.35.0
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Istio
catalog.cattle.io/namespace: istio-system
catalog.cattle.io/os: linux
catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1
catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.99-0'
catalog.cattle.io/release-name: rancher-istio
catalog.cattle.io/requests-cpu: 710m
catalog.cattle.io/requests-memory: 2314Mi
catalog.cattle.io/type: cluster-tool
catalog.cattle.io/ui-component: istio
apiVersion: v1
appVersion: 1.10.4
description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/
for details.
icon: https://charts.rancher.io/assets/logos/istio.svg
keywords:
- networking
- infrastructure
name: rancher-istio
version: 100.0.3+up1.10.4

80
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/README.md
View File

@ -1,80 +0,0 @@
# Rancher-Istio Chart
Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization.
See the app-readme for known issues and deprecations.
## Installation Requirements
#### Chart Dependencies
- rancher-kiali-server-crd chart
- rancher-monitoring chart or other Prometheus installation
#### Install
To install the rancher-istio chart with helm, use the following command:
```
helm install rancher-istio <location/of/the/rancher-istio/chart> --create-namespace -n istio-system
```
#### Uninstall
To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see chart dependencies for list of dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal.
**If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:**
`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"`
## Addons
The addons that are included with rancher-istio are:
- Kiali
- Jaeger
Each addon has additional customization and dependencies required for them to work as expected. Use the values.yaml to customize or to enable/disable each addon.
### Kiali Addon
Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard.
#### Kiali Dependencies
##### rancher-monitoring chart or other Prometheus installation
This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation.
#### Prometheus Configuration for Kiali
> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding.
The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces.
To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources.
1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape.
1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces.
#### Kiali External Services
The external services that can be configured in Kiali are: Prometheus, Grafana and Tracing.
##### Prometheus
The `kiali.external_services.prometheus` url is set in the values.yaml:
```
http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }}
```
The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance.
##### Grafana
The `kiali.external_services.grafana` url is set in the values.yaml:
```
http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }}
```
The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance.
##### Tracing
The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml:
```
http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }}
```
The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance.
## Jaeger Addon
Jaeger allows you to trace and monitor distributed microservices.
> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs.

35
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/app-readme.md
View File

@ -1,35 +0,0 @@
# Rancher Istio
Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes:
* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh
* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed system. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead.
For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/).
## Known Issues
#### Airgapped Environments
If you are using this chart in an airgapped environment, you will not be able to upgrade. This is because the `istioctl` upgrade command reaches out to an external repo and it is not configurable. We are tracking the fix for this issue [here](https://github.com/rancher/rancher/issues/33402)
## Deprecations
#### v1alpha1 security policies
As of 1.6, Istio removed support for `v1alpha1` security policies resource and replaced the API with `v1beta1` authorization policies. https://istio.io/latest/docs/reference/config/security/authorization-policy/
If you are currently running rancher-istio <= 1.7.x, you need to migrate any existing `v1alpha1` security policies to `v1beta1` authorization policies prior to upgrading to the next minor version.
> **Note:** If you attempt to upgrade prior to migrating your policy resources, you might see errors similar to:
```
Error: found 6 CRD of unsupported v1alpha1 security policy
```
```
Error: found 1 unsupported v1alpha1 security policy
```
```
Control Plane - policy pod - istio-policy - version: x.x.x does not match the target version x.x.x
```
Continue with the migration steps below before retrying the upgrade process.
##### Migrating Resources:
Migration steps can be found in this [istio blog post](https://istio.io/latest/blog/2021/migrate-alpha-policy/ "istio blog post").
You can also use these [quick steps](https://github.com/rancher/rancher/issues/34699#issuecomment-921995917 "quick steps") to determine if you need to follow the more extensive migration steps.

31
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/Chart.yaml
View File

@ -1,31 +0,0 @@
annotations:
catalog.cattle.io/auto-install: rancher-kiali-server-crd=match
catalog.cattle.io/hidden: "true"
catalog.cattle.io/os: linux
catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1
catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1
catalog.rancher.io/namespace: cattle-istio-system
catalog.rancher.io/release-name: rancher-kiali-server
apiVersion: v2
appVersion: v1.35.0
description: Kiali is an open source project for service mesh observability, refer
to https://www.kiali.io for details. This is installed as sub-chart with customized
values in Rancher's Istio.
home: https://github.com/kiali/kiali
icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png
keywords:
- istio
- kiali
- networking
- infrastructure
maintainers:
- email: kiali-users@googlegroups.com
name: Kiali
url: https://kiali.io
name: kiali
sources:
- https://github.com/kiali/kiali
- https://github.com/kiali/kiali-ui
- https://github.com/kiali/kiali-operator
- https://github.com/kiali/helm-charts
version: 1.35.0

5
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/NOTES.txt
View File

@ -1,5 +0,0 @@
Welcome to Kiali! For more details on Kiali, see: https://kiali.io
The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon.
(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}])

193
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/_helpers.tpl
View File

@ -1,193 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create a default fully qualified instance name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
To simulate the way the operator works, use deployment.instance_name rather than the old fullnameOverride.
For backwards compatibility, if fullnameOverride is not kiali but deployment.instance_name is kiali,
use fullnameOverride, otherwise use deployment.instance_name.
*/}}
{{- define "kiali-server.fullname" -}}
{{- if (and (eq .Values.deployment.instance_name "kiali") (ne .Values.fullnameOverride "kiali")) }}
{{- .Values.fullnameOverride | trunc 63 }}
{{- else }}
{{- .Values.deployment.instance_name | trunc 63 }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kiali-server.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Identifies the log_level with the old verbose_mode and the new log_level considered.
*/}}
{{- define "kiali-server.logLevel" -}}
{{- if .Values.deployment.verbose_mode -}}
{{- .Values.deployment.verbose_mode -}}
{{- else -}}
{{- .Values.deployment.logger.log_level -}}
{{- end -}}
{{- end }}
{{/*
Common labels
*/}}
{{- define "kiali-server.labels" -}}
helm.sh/chart: {{ include "kiali-server.chart" . }}
app: kiali
{{ include "kiali-server.selectorLabels" . }}
version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }}
app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: "kiali"
{{- end }}
{{/*
Selector labels
*/}}
{{- define "kiali-server.selectorLabels" -}}
{{- $releaseName := .Release.Name -}}
{{- $fullName := include "kiali-server.fullname" . -}}
{{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace $fullName) -}}
app.kubernetes.io/name: kiali
{{- if (and .Release.IsUpgrade $deployment)}}
app.kubernetes.io/instance: {{ (get (($deployment).metadata.labels) "app.kubernetes.io/instance") | default $fullName }}
{{- else }}
app.kubernetes.io/instance: {{ $fullName }}
{{- end }}
{{- end }}
{{/*
Used to determine if a custom dashboard (defined in .Template.Name) should be deployed.
*/}}
{{- define "kiali-server.isDashboardEnabled" -}}
{{- if .Values.external_services.custom_dashboards.enabled }}
{{- $includere := "" }}
{{- range $_, $s := .Values.deployment.custom_dashboards.includes }}
{{- if $s }}
{{- if $includere }}
{{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }}
{{- else }}
{{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }}
{{- end }}
{{- end }}
{{- end }}
{{- $excludere := "" }}
{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }}
{{- if $s }}
{{- if $excludere }}
{{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }}
{{- else }}
{{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }}
{{- end }}
{{- end }}
{{- end }}
{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }}
{{- print "enabled" }}
{{- else }}
{{- print "" }}
{{- end }}
{{- else }}
{{- print "" }}
{{- end }}
{{- end }}
{{/*
Determine the default login token signing key.
*/}}
{{- define "kiali-server.login_token.signing_key" -}}
{{- if .Values.login_token.signing_key }}
{{- .Values.login_token.signing_key }}
{{- else }}
{{- randAlphaNum 16 }}
{{- end }}
{{- end }}
{{/*
Determine the default web root.
*/}}
{{- define "kiali-server.server.web_root" -}}
{{- if .Values.server.web_root }}
{{- .Values.server.web_root | trimSuffix "/" }}
{{- else }}
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
{{- "/" }}
{{- else }}
{{- "/kiali" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Determine the default identity cert file. There is no default if on k8s; only on OpenShift.
*/}}
{{- define "kiali-server.identity.cert_file" -}}
{{- if hasKey .Values.identity "cert_file" }}
{{- .Values.identity.cert_file }}
{{- else }}
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
{{- "/kiali-cert/tls.crt" }}
{{- else }}
{{- "" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Determine the default identity private key file. There is no default if on k8s; only on OpenShift.
*/}}
{{- define "kiali-server.identity.private_key_file" -}}
{{- if hasKey .Values.identity "private_key_file" }}
{{- .Values.identity.private_key_file }}
{{- else }}
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
{{- "/kiali-cert/tls.key" }}
{{- else }}
{{- "" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Determine the istio namespace - default is where Kiali is installed.
*/}}
{{- define "kiali-server.istio_namespace" -}}
{{- if .Values.istio_namespace }}
{{- .Values.istio_namespace }}
{{- else }}
{{- .Release.Namespace }}
{{- end }}
{{- end }}
{{/*
Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift.
*/}}
{{- define "kiali-server.auth.strategy" -}}
{{- if .Values.auth.strategy }}
{{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }}
{{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }}
{{- end }}
{{- .Values.auth.strategy }}
{{- else }}
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
{{- if not .Values.kiali_route_url }}
{{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }}
{{- end }}
{{- "openshift" }}
{{- else }}
{{- "token" }}
{{- end }}
{{- end }}
{{- end }}
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}

13
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/cabundle.yaml
View File

@ -1,13 +0,0 @@
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "kiali-server.fullname" . }}-cabundle
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
annotations:
service.beta.openshift.io/inject-cabundle: "true"
...
{{- end }}

25
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/configmap.yaml
View File

@ -1,25 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
data:
config.yaml: |
{{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}}
{{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }}
{{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}}
{{- $_ := set $cm.deployment "namespace" .Release.Namespace }}
{{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}}
{{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }}
{{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }}
{{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }}
{{- $_ := set $cm.deployment "instance_name" (include "kiali-server.fullname" .) }}
{{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }}
{{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }}
{{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }}
{{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }}
{{- toYaml $cm | nindent 4 }}
...

56
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml
View File

@ -1,56 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: envoy
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
title: Envoy Metrics
discoverOn: "envoy_server_uptime"
items:
- chart:
name: "Pods uptime"
spans: 4
metricName: "envoy_server_uptime"
dataType: "raw"
- chart:
name: "Allocated memory"
unit: "bytes"
spans: 4
metricName: "envoy_server_memory_allocated"
dataType: "raw"
min: 0
- chart:
name: "Heap size"
unit: "bytes"
spans: 4
metricName: "envoy_server_memory_heap_size"
dataType: "raw"
min: 0
- chart:
name: "Upstream active connections"
spans: 6
metricName: "envoy_cluster_upstream_cx_active"
dataType: "raw"
- chart:
name: "Upstream total requests"
spans: 6
metricName: "envoy_cluster_upstream_rq_total"
unit: "rps"
dataType: "rate"
- chart:
name: "Downstream active connections"
spans: 6
metricName: "envoy_listener_downstream_cx_active"
dataType: "raw"
- chart:
name: "Downstream HTTP requests"
spans: 6
metricName: "envoy_listener_http_downstream_rq"
unit: "rps"
dataType: "rate"
...
{{- end }}

67
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/go.yaml
View File

@ -1,67 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: go
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
title: Go Metrics
runtime: Go
discoverOn: "go_info"
items:
- chart:
name: "CPU ratio"
spans: 6
metricName: "process_cpu_seconds_total"
dataType: "rate"
aggregations:
- label: "pod_name"
displayName: "Pod"
- chart:
name: "RSS Memory"
unit: "bytes"
spans: 6
metricName: "process_resident_memory_bytes"
dataType: "raw"
aggregations:
- label: "pod_name"
displayName: "Pod"
- chart:
name: "Goroutines"
spans: 6
metricName: "go_goroutines"
dataType: "raw"
aggregations:
- label: "pod_name"
displayName: "Pod"
- chart:
name: "Heap allocation rate"
unit: "bytes/s"
spans: 6
metricName: "go_memstats_alloc_bytes_total"
dataType: "rate"
aggregations:
- label: "pod_name"
displayName: "Pod"
- chart:
name: "GC rate"
spans: 6
metricName: "go_gc_duration_seconds_count"
dataType: "rate"
aggregations:
- label: "pod_name"
displayName: "Pod"
- chart:
name: "Next GC"
unit: "bytes"
spans: 6
metricName: "go_memstats_next_gc_bytes"
dataType: "raw"
aggregations:
- label: "pod_name"
displayName: "Pod"
...
{{- end }}

44
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml
View File

@ -1,44 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: kiali
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
title: Kiali Internal Metrics
items:
- chart:
name: "API processing duration"
unit: "seconds"
spans: 6
metricName: "kiali_api_processing_duration_seconds"
dataType: "histogram"
aggregations:
- label: "route"
displayName: "Route"
- chart:
name: "Functions processing duration"
unit: "seconds"
spans: 6
metricName: "kiali_go_function_processing_duration_seconds"
dataType: "histogram"
aggregations:
- label: "function"
displayName: "Function"
- label: "package"
displayName: "Package"
- chart:
name: "Failures"
spans: 12
metricName: "kiali_go_function_failures_total"
dataType: "raw"
aggregations:
- label: "function"
displayName: "Function"
- label: "package"
displayName: "Package"
...
{{- end }}

43
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml
View File

@ -1,43 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: micrometer-1.0.6-jvm-pool
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: JVM
title: JVM Pool Metrics
discoverOn: "jvm_buffer_total_capacity_bytes"
items:
- chart:
name: "Pool buffer memory used"
unit: "bytes"
spans: 4
metricName: "jvm_buffer_memory_used_bytes"
dataType: "raw"
aggregations:
- label: "id"
displayName: "Pool"
- chart:
name: "Pool buffer capacity"
unit: "bytes"
spans: 4
metricName: "jvm_buffer_total_capacity_bytes"
dataType: "raw"
aggregations:
- label: "id"
displayName: "Pool"
- chart:
name: "Pool buffer count"
unit: "bytes"
spans: 4
metricName: "jvm_buffer_count"
dataType: "raw"
aggregations:
- label: "id"
displayName: "Pool"
...
{{- end }}

65
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml
View File

@ -1,65 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: micrometer-1.0.6-jvm
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: JVM
title: JVM Metrics
discoverOn: "jvm_threads_live"
items:
- chart:
name: "Total live threads"
spans: 4
metricName: "jvm_threads_live"
dataType: "raw"
- chart:
name: "Daemon threads"
spans: 4
metricName: "jvm_threads_daemon"
dataType: "raw"
- chart:
name: "Loaded classes"
spans: 4
metricName: "jvm_classes_loaded"
dataType: "raw"
- chart:
name: "Memory used"
unit: "bytes"
spans: 4
metricName: "jvm_memory_used_bytes"
dataType: "raw"
aggregations:
- label: "area"
displayName: "Area"
- label: "id"
displayName: "Space"
- chart:
name: "Memory commited"
unit: "bytes"
spans: 4
metricName: "jvm_memory_committed_bytes"
dataType: "raw"
aggregations:
- label: "area"
displayName: "Area"
- label: "id"
displayName: "Space"
- chart:
name: "Memory max"
unit: "bytes"
spans: 4
metricName: "jvm_memory_max_bytes"
dataType: "raw"
aggregations:
- label: "area"
displayName: "Area"
- label: "id"
displayName: "Space"
...
{{- end }}

68
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml
View File

@ -1,68 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: micrometer-1.1-jvm
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: JVM
title: JVM Metrics
discoverOn: "jvm_threads_live_threads"
items:
- chart:
name: "Memory used"
unit: "bytes"
spans: 4
metricName: "jvm_memory_used_bytes"
dataType: "raw"
aggregations:
- label: "area"
displayName: "Area"
- label: "id"
displayName: "Space"
- chart:
name: "Memory commited"
unit: "bytes"
spans: 4
metricName: "jvm_memory_committed_bytes"
dataType: "raw"
aggregations:
- label: "area"
displayName: "Area"
- label: "id"
displayName: "Space"
- chart:
name: "Memory max"
unit: "bytes"
spans: 4
metricName: "jvm_memory_max_bytes"
dataType: "raw"
aggregations:
- label: "area"
displayName: "Area"
- label: "id"
displayName: "Space"
- chart:
name: "Total live threads"
spans: 4
metricName: "jvm_threads_live_threads"
dataType: "raw"
- chart:
name: "Daemon threads"
spans: 4
metricName: "jvm_threads_daemon_threads"
dataType: "raw"
- chart:
name: "Threads states"
spans: 4
metricName: "jvm_threads_states_threads"
dataType: "raw"
aggregations:
- label: "state"
displayName: "State"
...
{{- end }}

59
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml
View File

@ -1,59 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: microprofile-1.1
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
title: MicroProfile Metrics
runtime: MicroProfile
discoverOn: "base:thread_count"
items:
- chart:
name: "Current loaded classes"
spans: 6
metricName: "base:classloader_current_loaded_class_count"
dataType: "raw"
- chart:
name: "Unloaded classes"
spans: 6
metricName: "base:classloader_total_unloaded_class_count"
dataType: "raw"
- chart:
name: "Thread count"
spans: 4
metricName: "base:thread_count"
dataType: "raw"
- chart:
name: "Thread max count"
spans: 4
metricName: "base:thread_max_count"
dataType: "raw"
- chart:
name: "Thread daemon count"
spans: 4
metricName: "base:thread_daemon_count"
dataType: "raw"
- chart:
name: "Committed heap"
unit: "bytes"
spans: 4
metricName: "base:memory_committed_heap_bytes"
dataType: "raw"
- chart:
name: "Max heap"
unit: "bytes"
spans: 4
metricName: "base:memory_max_heap_bytes"
dataType: "raw"
- chart:
name: "Used heap"
unit: "bytes"
spans: 4
metricName: "base:memory_used_heap_bytes"
dataType: "raw"
...
{{- end }}

38
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml
View File

@ -1,38 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: microprofile-x.y
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
title: MicroProfile Metrics
runtime: MicroProfile
discoverOn: "base:gc_complete_scavenger_count"
items:
- chart:
name: "Young GC time"
unit: "seconds"
spans: 3
metricName: "base:gc_young_generation_scavenger_time_seconds"
dataType: "raw"
- chart:
name: "Young GC count"
spans: 3
metricName: "base:gc_young_generation_scavenger_count"
dataType: "raw"
- chart:
name: "Total GC time"
unit: "seconds"
spans: 3
metricName: "base:gc_complete_scavenger_time_seconds"
dataType: "raw"
- chart:
name: "Total GC count"
spans: 3
metricName: "base:gc_complete_scavenger_count"
dataType: "raw"
...
{{- end }}

59
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml
View File

@ -1,59 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: nodejs
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Node.js
title: Node.js Metrics
discoverOn: "nodejs_active_handles_total"
items:
- chart:
name: "Active handles"
spans: 4
metricName: "nodejs_active_handles_total"
dataType: "raw"
- chart:
name: "Active requests"
spans: 4
metricName: "nodejs_active_requests_total"
dataType: "raw"
- chart:
name: "Event loop lag"
unit: "seconds"
spans: 4
metricName: "nodejs_eventloop_lag_seconds"
dataType: "raw"
- chart:
name: "Total heap size"
unit: "bytes"
spans: 12
metricName: "nodejs_heap_space_size_total_bytes"
dataType: "raw"
aggregations:
- label: "space"
displayName: "Space"
- chart:
name: "Used heap size"
unit: "bytes"
spans: 6
metricName: "nodejs_heap_space_size_used_bytes"
dataType: "raw"
aggregations:
- label: "space"
displayName: "Space"
- chart:
name: "Available heap size"
unit: "bytes"
spans: 6
metricName: "nodejs_heap_space_size_available_bytes"
dataType: "raw"
aggregations:
- label: "space"
displayName: "Space"
...
{{- end }}

33
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml
View File

@ -1,33 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: quarkus
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
title: Quarkus Metrics
runtime: Quarkus
items:
- chart:
name: "Thread count"
spans: 4
metricName: "vendor:thread_count"
dataType: "raw"
- chart:
name: "Used heap"
unit: "bytes"
spans: 4
metricName: "vendor:memory_heap_usage_bytes"
dataType: "raw"
- chart:
name: "Used non-heap"
unit: "bytes"
spans: 4
metricName: "vendor:memory_non_heap_usage_bytes"
dataType: "raw"
- include: "microprofile-x.y"
...
{{- end }}

16
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml
View File

@ -1,16 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: springboot-jvm-pool
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Spring Boot
title: JVM Pool Metrics
items:
- include: "micrometer-1.0.6-jvm-pool"
...
{{- end }}

16
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml
View File

@ -1,16 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: springboot-jvm
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Spring Boot
title: JVM Metrics
items:
- include: "micrometer-1.0.6-jvm"
...
{{- end }}

16
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml
View File

@ -1,16 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: springboot-tomcat
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Spring Boot
title: Tomcat Metrics
items:
- include: "tomcat"
...
{{- end }}

22
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml
View File

@ -1,22 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: thorntail
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Thorntail
title: Thorntail Metrics
discoverOn: "vendor:loaded_modules"
items:
- include: "microprofile-1.1"
- chart:
name: "Loaded modules"
spans: 6
metricName: "vendor:loaded_modules"
dataType: "raw"
...
{{- end }}

67
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml
View File

@ -1,67 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: tomcat
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Tomcat
title: Tomcat Metrics
discoverOn: "tomcat_sessions_created_total"
items:
- chart:
name: "Sessions created"
spans: 4
metricName: "tomcat_sessions_created_total"
dataType: "raw"
- chart:
name: "Active sessions"
spans: 4
metricName: "tomcat_sessions_active_current"
dataType: "raw"
- chart:
name: "Sessions rejected"
spans: 4
metricName: "tomcat_sessions_rejected_total"
dataType: "raw"
- chart:
name: "Bytes sent"
unit: "bitrate"
spans: 6
metricName: "tomcat_global_sent_bytes_total"
dataType: "rate"
aggregations:
- label: "name"
displayName: "Name"
- chart:
name: "Bytes received"
unit: "bitrate"
spans: 6
metricName: "tomcat_global_received_bytes_total"
dataType: "rate"
aggregations:
- label: "name"
displayName: "Name"
- chart:
name: "Global errors"
spans: 6
metricName: "tomcat_global_error_total"
dataType: "raw"
aggregations:
- label: "name"
displayName: "Name"
- chart:
name: "Servlet errors"
spans: 6
metricName: "tomcat_servlet_error_total"
dataType: "raw"
aggregations:
- label: "name"
displayName: "Name"
...
{{- end }}

60
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml
View File

@ -1,60 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: vertx-client
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Vert.x
title: Vert.x Client Metrics
discoverOn: "vertx_http_client_connections"
items:
- chart:
name: "Client response time"
unit: "seconds"
spans: 6
metricName: "vertx_http_client_responseTime_seconds"
dataType: "histogram"
aggregations:
- label: "path"
displayName: "Path"
- label: "method"
displayName: "Method"
- chart:
name: "Client request count rate"
unit: "ops"
spans: 6
metricName: "vertx_http_client_requestCount_total"
dataType: "rate"
aggregations:
- label: "path"
displayName: "Path"
- label: "method"
displayName: "Method"
- chart:
name: "Client active connections"
spans: 6
metricName: "vertx_http_client_connections"
dataType: "raw"
- chart:
name: "Client active websockets"
spans: 6
metricName: "vertx_http_client_wsConnections"
dataType: "raw"
- chart:
name: "Client bytes sent"
unit: "bytes"
spans: 6
metricName: "vertx_http_client_bytesSent"
dataType: "histogram"
- chart:
name: "Client bytes received"
unit: "bytes"
spans: 6
metricName: "vertx_http_client_bytesReceived"
dataType: "histogram"
...
{{- end }}

59
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml
View File

@ -1,59 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: vertx-eventbus
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Vert.x
title: Vert.x Eventbus Metrics
discoverOn: "vertx_eventbus_handlers"
items:
- chart:
name: "Event bus handlers"
spans: 6
metricName: "vertx_eventbus_handlers"
dataType: "raw"
aggregations:
- label: "address"
displayName: "Eventbus address"
- chart:
name: "Event bus pending messages"
spans: 6
metricName: "vertx_eventbus_pending"
dataType: "raw"
aggregations:
- label: "address"
displayName: "Eventbus address"
- chart:
name: "Event bus processing time"
unit: "seconds"
spans: 6
metricName: "vertx_eventbus_processingTime_seconds"
dataType: "histogram"
aggregations:
- label: "address"
displayName: "Eventbus address"
- chart:
name: "Event bus bytes read"
unit: "bytes"
spans: 6
metricName: "vertx_eventbus_bytesRead"
dataType: "histogram"
aggregations:
- label: "address"
displayName: "Eventbus address"
- chart:
name: "Event bus bytes written"
unit: "bytes"
spans: 6
metricName: "vertx_eventbus_bytesWritten"
dataType: "histogram"
aggregations:
- label: "address"
displayName: "Eventbus address"
...
{{- end }}

16
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml
View File

@ -1,16 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: vertx-jvm
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Vert.x
title: JVM Metrics
items:
- include: "micrometer-1.1-jvm"
...
{{- end }}

68
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml
View File

@ -1,68 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: vertx-pool
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Vert.x
title: Vert.x Pools Metrics
discoverOn: "vertx_pool_ratio"
items:
- chart:
name: "Usage duration"
unit: "seconds"
spans: 6
metricName: "vertx_pool_usage_seconds"
dataType: "histogram"
aggregations:
- label: "pool_name"
displayName: "Name"
- label: "pool_type"
displayName: "Type"
- chart:
name: "Usage ratio"
spans: 6
metricName: "vertx_pool_ratio"
dataType: "raw"
aggregations:
- label: "pool_name"
displayName: "Name"
- label: "pool_type"
displayName: "Type"
- chart:
name: "Queue size"
spans: 6
metricName: "vertx_pool_queue_size"
dataType: "raw"
aggregations:
- label: "pool_name"
displayName: "Name"
- label: "pool_type"
displayName: "Type"
- chart:
name: "Time in queue"
unit: "seconds"
spans: 6
metricName: "vertx_pool_queue_delay_seconds"
dataType: "histogram"
aggregations:
- label: "pool_name"
displayName: "Name"
- label: "pool_type"
displayName: "Type"
- chart:
name: "Resources used"
spans: 6
metricName: "vertx_pool_inUse"
dataType: "raw"
aggregations:
- label: "pool_name"
displayName: "Name"
- label: "pool_type"
displayName: "Type"
...
{{- end }}

62
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml
View File

@ -1,62 +0,0 @@
{{- if (include "kiali-server.isDashboardEnabled" .) }}
---
apiVersion: monitoring.kiali.io/v1alpha1
kind: MonitoringDashboard
metadata:
name: vertx-server
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
runtime: Vert.x
title: Vert.x Server Metrics
discoverOn: "vertx_http_server_connections"
items:
- chart:
name: "Server response time"
unit: "seconds"
spans: 6
metricName: "vertx_http_server_responseTime_seconds"
dataType: "histogram"
aggregations:
- label: "path"
displayName: "Path"
- label: "method"
displayName: "Method"
- chart:
name: "Server request count rate"
unit: "ops"
spans: 6
metricName: "vertx_http_server_requestCount_total"
dataType: "rate"
aggregations:
- label: "code"
displayName: "Error code"
- label: "path"
displayName: "Path"
- label: "method"
displayName: "Method"
- chart:
name: "Server active connections"
spans: 6
metricName: "vertx_http_server_connections"
dataType: "raw"
- chart:
name: "Server active websockets"
spans: 6
metricName: "vertx_http_server_wsConnections"
dataType: "raw"
- chart:
name: "Server bytes sent"
unit: "bytes"
spans: 6
metricName: "vertx_http_server_bytesSent"
dataType: "histogram"
- chart:
name: "Server bytes received"
unit: "bytes"
spans: 6
metricName: "vertx_http_server_bytesReceived"
dataType: "histogram"
...
{{- end }}

179
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/deployment.yaml
View File

@ -1,179 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.deployment.replicas }}
selector:
matchLabels:
{{- include "kiali-server.selectorLabels" . | nindent 6 }}
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
name: {{ include "kiali-server.fullname" . }}
labels:
{{- include "kiali-server.labels" . | nindent 8 }}
{{- if .Values.deployment.pod_labels }}
{{- toYaml .Values.deployment.pod_labels | nindent 8 }}
{{- end }}
annotations:
{{- if .Values.server.metrics_enabled }}
prometheus.io/scrape: "true"
prometheus.io/port: {{ .Values.server.metrics_port | quote }}
{{- else }}
prometheus.io/scrape: "false"
prometheus.io/port: ""
{{- end }}
kiali.io/runtimes: go,kiali
{{- if .Values.deployment.pod_annotations }}
{{- toYaml .Values.deployment.pod_annotations | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "kiali-server.fullname" . }}
{{- if .Values.deployment.priority_class_name }}
priorityClassName: {{ .Values.deployment.priority_class_name | quote }}
{{- end }}
{{- if .Values.deployment.image_pull_secrets }}
imagePullSecrets:
{{- range .Values.deployment.image_pull_secrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}"
imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }}
name: {{ include "kiali-server.fullname" . }}
command:
- "/opt/kiali/kiali"
- "-config"
- "/kiali-configuration/config.yaml"
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
ports:
- name: api-port
containerPort: {{ .Values.server.port | default 20001 }}
{{- if .Values.server.metrics_enabled }}
- name: http-metrics
containerPort: {{ .Values.server.metrics_port | default 9090 }}
{{- end }}
readinessProbe:
httpGet:
path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz
port: api-port
{{- if (include "kiali-server.identity.cert_file" .) }}
scheme: HTTPS
{{- else }}
scheme: HTTP
{{- end }}
initialDelaySeconds: 5
periodSeconds: 30
livenessProbe:
httpGet:
path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz
port: api-port
{{- if (include "kiali-server.identity.cert_file" .) }}
scheme: HTTPS
{{- else }}
scheme: HTTP
{{- end }}
initialDelaySeconds: 5
periodSeconds: 30
env:
- name: ACTIVE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LOG_LEVEL
value: "{{ include "kiali-server.logLevel" . }}"
- name: LOG_FORMAT
value: "{{ .Values.deployment.logger.log_format }}"
- name: LOG_TIME_FIELD_FORMAT
value: "{{ .Values.deployment.logger.time_field_format }}"
- name: LOG_SAMPLER_RATE
value: "{{ .Values.deployment.logger.sampler_rate }}"
volumeMounts:
{{- if .Values.web_root_override }}
- name: kiali-console
subPath: env.js
mountPath: /opt/kiali/console/env.js
{{- end }}
- name: {{ include "kiali-server.fullname" . }}-configuration
mountPath: "/kiali-configuration"
- name: {{ include "kiali-server.fullname" . }}-cert
mountPath: "/kiali-cert"
- name: {{ include "kiali-server.fullname" . }}-secret
mountPath: "/kiali-secret"
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
- name: {{ include "kiali-server.fullname" . }}-cabundle
mountPath: "/kiali-cabundle"
{{- end }}
{{- if .Values.deployment.resources }}
resources:
{{- toYaml .Values.deployment.resources | nindent 10 }}
{{- end }}
volumes:
{{- if .Values.web_root_override }}
- name: kiali-console
configMap:
name: kiali-console
items:
- key: env.js
path: env.js
{{- end }}
- name: {{ include "kiali-server.fullname" . }}-configuration
configMap:
name: {{ include "kiali-server.fullname" . }}
- name: {{ include "kiali-server.fullname" . }}-cert
secret:
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
secretName: {{ include "kiali-server.fullname" . }}-cert-secret
{{- else }}
secretName: istio.{{ include "kiali-server.fullname" . }}-service-account
{{- end }}
{{- if not (include "kiali-server.identity.cert_file" .) }}
optional: true
{{- end }}
- name: {{ include "kiali-server.fullname" . }}-secret
secret:
secretName: {{ .Values.deployment.secret_name }}
optional: true
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
- name: {{ include "kiali-server.fullname" . }}-cabundle
configMap:
name: {{ include "kiali-server.fullname" . }}-cabundle
{{- end }}
{{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.affinity.pod) (.Values.deployment.affinity.pod_anti)) }}
affinity:
{{- if .Values.deployment.affinity.node }}
nodeAffinity:
{{- toYaml .Values.deployment.affinity.node | nindent 10 }}
{{- end }}
{{- if .Values.deployment.affinity.pod }}
podAffinity:
{{- toYaml .Values.deployment.affinity.pod | nindent 10 }}
{{- end }}
{{- if .Values.deployment.affinity.pod_anti }}
podAntiAffinity:
{{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }}
{{- end }}
{{- end }}
{{- if .Values.deployment.tolerations }}
tolerations:
{{- toYaml .Values.deployment.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.deployment.node_selector }}
nodeSelector:
{{- toYaml .Values.deployment.node_selector | nindent 8 }}
{{- end }}
...

17
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/hpa.yaml
View File

@ -1,17 +0,0 @@
{{- if .Values.deployment.hpa.spec }}
---
apiVersion: {{ .Values.deployment.hpa.api_version }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "kiali-server.fullname" . }}
{{- toYaml .Values.deployment.hpa.spec | nindent 2 }}
...
{{- end }}

43
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/ingress.yaml
View File

@ -1,43 +0,0 @@
{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }}
{{- if .Values.deployment.ingress_enabled }}
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
annotations:
{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}
{{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }}
{{- else }}
# For ingress-nginx versions older than 0.20.0 use secure-backends.
# (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948)
# For ingress-nginx versions 0.20.0 and later use backend-protocol.
{{- if (include "kiali-server.identity.cert_file" .) }}
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
{{- else }}
nginx.ingress.kubernetes.io/secure-backends: "false"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
{{- end }}
{{- end }}
spec:
{{- if hasKey .Values.deployment.override_ingress_yaml "spec" }}
{{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }}
{{- else }}
rules:
- http:
paths:
- path: {{ include "kiali-server.server.web_root" . }}
backend:
serviceName: {{ include "kiali-server.fullname" . }}
servicePort: {{ .Values.server.port }}
{{- if not (empty .Values.server.web_fqdn) }}
host: {{ .Values.server.web_fqdn }}
{{- end }}
{{- end }}
...
{{- end }}
{{- end }}

17
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/oauth.yaml
View File

@ -1,17 +0,0 @@
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
{{- if .Values.kiali_route_url }}
---
apiVersion: oauth.openshift.io/v1
kind: OAuthClient
metadata:
name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
redirectURIs:
- {{ .Values.kiali_route_url }}
grantMethod: auto
allowAnyScope: true
...
{{- end }}
{{- end }}

67
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/psp.yaml
View File

@ -1,67 +0,0 @@
{{- if .Values.global.rbac.pspEnabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "kiali-server.fullname" . }}-psp
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "kiali-server.fullname" . }}-psp
subjects:
- kind: ServiceAccount
name: kiali
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "kiali-server.fullname" . }}-psp
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- policy
resourceNames:
- {{ include "kiali-server.fullname" . }}-psp
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "kiali-server.fullname" . }}-psp
namespace: {{ .Release.Namespace }}
spec:
allowPrivilegeEscalation: false
forbiddenSysctls:
- '*'
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
requiredDropCapabilities:
- ALL
runAsUser:
rule: MustRunAsNonRoot
runAsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
{{- end }}

15
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role-controlplane.yaml
View File

@ -1,15 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "kiali-server.fullname" . }}-controlplane
namespace: {{ include "kiali-server.istio_namespace" . }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources:
- secrets
verbs:
- list
...

96
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role-viewer.yaml
View File

@ -1,96 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "kiali-server.fullname" . }}-viewer
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources:
- configmaps
- endpoints
- pods/log
- pods/proxy
verbs:
- get
- list
- watch
- apiGroups: [""]
resources:
- namespaces
- pods
- replicationcontrollers
- services
verbs:
- get
- list
- watch
- apiGroups: [""]
resources:
- pods/portforward
verbs:
- create
- post
- apiGroups: ["extensions", "apps"]
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- get
- list
- watch
- apiGroups: ["batch"]
resources:
- cronjobs
- jobs
verbs:
- get
- list
- watch
- apiGroups:
- networking.istio.io
- security.istio.io
resources: ["*"]
verbs:
- get
- list
- watch
- apiGroups: ["apps.openshift.io"]
resources:
- deploymentconfigs
verbs:
- get
- list
- watch
- apiGroups: ["project.openshift.io"]
resources:
- projects
verbs:
- get
- apiGroups: ["route.openshift.io"]
resources:
- routes
verbs:
- get
- apiGroups: ["monitoring.kiali.io"]
resources:
- monitoringdashboards
verbs:
- get
- list
- apiGroups: ["iter8.tools"]
resources:
- experiments
verbs:
- get
- list
- watch
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs:
- create
...

106
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role.yaml
View File

@ -1,106 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "kiali-server.fullname" . }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources:
- configmaps
- endpoints
- pods/log
- pods/proxy
verbs:
- get
- list
- watch
- apiGroups: [""]
resources:
- namespaces
- pods
- replicationcontrollers
- services
verbs:
- get
- list
- watch
- patch
- apiGroups: [""]
resources:
- pods/portforward
verbs:
- create
- post
- apiGroups: ["extensions", "apps"]
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- get
- list
- watch
- patch
- apiGroups: ["batch"]
resources:
- cronjobs
- jobs
verbs:
- get
- list
- watch
- patch
- apiGroups:
- networking.istio.io
- security.istio.io
resources: ["*"]
verbs:
- get
- list
- watch
- create
- delete
- patch
- apiGroups: ["apps.openshift.io"]
resources:
- deploymentconfigs
verbs:
- get
- list
- watch
- patch
- apiGroups: ["project.openshift.io"]
resources:
- projects
verbs:
- get
- apiGroups: ["route.openshift.io"]
resources:
- routes
verbs:
- get
- apiGroups: ["monitoring.kiali.io"]
resources:
- monitoringdashboards
verbs:
- get
- list
- apiGroups: ["iter8.tools"]
resources:
- experiments
verbs:
- get
- list
- watch
- create
- delete
- patch
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs:
- create
...

17
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml
View File

@ -1,17 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "kiali-server.fullname" . }}-controlplane
namespace: {{ include "kiali-server.istio_namespace" . }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "kiali-server.fullname" . }}-controlplane
subjects:
- kind: ServiceAccount
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
...

20
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/rolebinding.yaml
View File

@ -1,20 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "kiali-server.fullname" . }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
{{- if .Values.deployment.view_only_mode }}
name: {{ include "kiali-server.fullname" . }}-viewer
{{- else }}
name: {{ include "kiali-server.fullname" . }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
...

30
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/route.yaml
View File

@ -1,30 +0,0 @@
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
{{- if .Values.deployment.ingress_enabled }}
# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}
annotations:
{{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }}
{{- end }}
spec:
{{- if hasKey .Values.deployment.override_ingress_yaml "spec" }}
{{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }}
{{- else }}
tls:
termination: reencrypt
insecureEdgeTerminationPolicy: Redirect
to:
kind: Service
targetPort: {{ .Values.server.port }}
name: {{ include "kiali-server.fullname" . }}
{{- end }}
...
{{- end }}
{{- end }}

45
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/service.yaml
View File

@ -1,45 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
annotations:
{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret
{{- end }}
{{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }}
{{- if empty .Values.server.web_port }}
kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }}
{{- else }}
kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }}
{{- end }}
{{- end }}
{{- if .Values.deployment.service_annotations }}
{{- toYaml .Values.deployment.service_annotations | nindent 4 }}
{{- end }}
spec:
{{- if .Values.deployment.service_type }}
type: {{ .Values.deployment.service_type }}
{{- end }}
ports:
{{- if (include "kiali-server.identity.cert_file" .) }}
- name: tcp
{{- else }}
- name: http
{{- end }}
protocol: TCP
port: {{ .Values.server.port }}
{{- if .Values.server.metrics_enabled }}
- name: http-metrics
protocol: TCP
port: {{ .Values.server.metrics_port }}
{{- end }}
selector:
{{- include "kiali-server.selectorLabels" . | nindent 4 }}
{{- if .Values.deployment.additional_service_yaml }}
{{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }}
{{- end }}
...

9
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/serviceaccount.yaml
View File

@ -1,9 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "kiali-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
...

14
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/validate-install-crd.yaml
View File

@ -1,14 +0,0 @@
#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
# {{- $found := dict -}}
# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}}
# {{- range .Capabilities.APIVersions -}}
# {{- if hasKey $found (toString .) -}}
# {{- set $found (toString .) true -}}
# {{- end -}}
# {{- end -}}
# {{- range $_, $exists := $found -}}
# {{- if (eq $exists false) -}}
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
# {{- end -}}
# {{- end -}}
#{{- end -}}

12
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/web-root-configmap.yaml
View File

@ -1,12 +0,0 @@
{{- if .Values.web_root_override }}
apiVersion: v1
kind: ConfigMap
metadata:
name: kiali-console
namespace: {{ .Release.Namespace }}
labels:
{{- include "kiali-server.labels" . | nindent 4 }}
data:
env.js: |
window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali';
{{- end }}

98
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/values.yaml
View File

@ -1,98 +0,0 @@
# 'fullnameOverride' is deprecated. Use 'deployment.instance_name' instead.
# This is only supported for backward compatibility and will be removed in a future version.
# If 'fullnameOverride' is not "kiali" and 'deployment.instance_name' is "kiali",
# then 'deployment.instance_name' will take the value of 'fullnameOverride' value.
# Otherwise, 'fullnameOverride' is ignored and 'deployment.instance_name' is used.
fullnameOverride: "kiali"
# This is required for "openshift" auth strategy.
# You have to know ahead of time what your Route URL will be because
# right now the helm chart can't figure this out at runtime (it would
# need to wait for the Kiali Route to be deployed and for OpenShift
# to start it up). If someone knows how to update this helm chart to
# do this, a PR would be welcome.
kiali_route_url: ""
# rancher specific override that allows proxy access to kiali url
web_root_override: true
#
# Settings that mimic the Kiali CR which are placed in the ConfigMap.
# Note that only those values used by the Helm Chart will be here.
#
istio_namespace: "" # default is where Kiali is installed
auth:
openid: {}
openshift: {}
strategy: ""
deployment:
# This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything.
# For more control over what the Kial Service Account can see, use the Kiali Operator
accessible_namespaces:
- "**"
additional_service_yaml: {}
affinity:
node: {}
pod: {}
pod_anti: {}
custom_dashboards:
excludes: ['']
includes: ['*']
hpa:
api_version: "autoscaling/v2beta2"
spec: {}
repository: rancher/mirrored-kiali-kiali
image_pull_policy: "Always"
image_pull_secrets: []
tag: v1.35.0
ingress_enabled: true
instance_name: "kiali"
logger:
log_format: "text"
log_level: "info"
time_field_format: "2006-01-02T15:04:05Z07:00"
sampler_rate: "1"
node_selector: {}
override_ingress_yaml:
metadata: {}
pod_annotations: {}
pod_labels: {}
priority_class_name: ""
replicas: 1
resources: {}
secret_name: "kiali"
service_annotations: {}
service_type: ""
tolerations: []
version_label: v1.35.0
view_only_mode: false
external_services:
custom_dashboards:
enabled: true
identity: {}
#cert_file:
#private_key_file:
login_token:
signing_key: ""
server:
port: 20001
metrics_enabled: true
metrics_port: 9090
web_root: ""
# Common settings used among istio subcharts.
global:
# Specify rancher clusterId of external tracing config
# https://github.com/istio/istio.io/issues/4146#issuecomment-493543032
cattle:
systemDefaultRegistry: ""
clusterId:
rbac:
pspEnabled: false

23
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/.helmignore
View File

@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

12
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/Chart.yaml
View File

@ -1,12 +0,0 @@
annotations:
catalog.cattle.io/hidden: "true"
catalog.cattle.io/os: linux
catalog.rancher.io/certified: rancher
catalog.rancher.io/namespace: istio-system
catalog.rancher.io/release-name: rancher-tracing
apiVersion: v1
appVersion: 1.20.0
description: A quick start Jaeger Tracing installation using the all-in-one demo.
This is not production qualified. Refer to https://www.jaegertracing.io/ for details.
name: tracing
version: 1.20.1

5
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/README.md
View File

@ -1,5 +0,0 @@
# Jaeger
A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices.
> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs.

92
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/_affinity.tpl
View File

@ -1,92 +0,0 @@
{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}}
{{- define "nodeAffinity" }}
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
{{- include "nodeAffinityRequiredDuringScheduling" . }}
preferredDuringSchedulingIgnoredDuringExecution:
{{- include "nodeAffinityPreferredDuringScheduling" . }}
{{- end }}
{{- define "nodeAffinityRequiredDuringScheduling" }}
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
{{- range $key, $val := .Values.global.arch }}
{{- if gt ($val | int) 0 }}
- {{ $key | quote }}
{{- end }}
{{- end }}
{{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}}
{{- range $key, $val := $nodeSelector }}
- key: {{ $key }}
operator: In
values:
- {{ $val | quote }}
{{- end }}
{{- end }}
{{- define "nodeAffinityPreferredDuringScheduling" }}
{{- range $key, $val := .Values.global.arch }}
{{- if gt ($val | int) 0 }}
- weight: {{ $val | int }}
preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- {{ $key | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- define "podAntiAffinity" }}
{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}}
podAntiAffinity:
{{- if .Values.podAntiAffinityLabelSelector }}
requiredDuringSchedulingIgnoredDuringExecution:
{{- include "podAntiAffinityRequiredDuringScheduling" . }}
{{- end }}
{{- if or .Values.podAntiAffinityTermLabelSelector}}
preferredDuringSchedulingIgnoredDuringExecution:
{{- include "podAntiAffinityPreferredDuringScheduling" . }}
{{- end }}
{{- end }}
{{- end }}
{{- define "podAntiAffinityRequiredDuringScheduling" }}
{{- range $index, $item := .Values.podAntiAffinityLabelSelector }}
- labelSelector:
matchExpressions:
- key: {{ $item.key }}
operator: {{ $item.operator }}
{{- if $item.values }}
values:
{{- $vals := split "," $item.values }}
{{- range $i, $v := $vals }}
- {{ $v | quote }}
{{- end }}
{{- end }}
topologyKey: {{ $item.topologyKey }}
{{- end }}
{{- end }}
{{- define "podAntiAffinityPreferredDuringScheduling" }}
{{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }}
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: {{ $item.key }}
operator: {{ $item.operator }}
{{- if $item.values }}
values:
{{- $vals := split "," $item.values }}
{{- range $i, $v := $vals }}
- {{ $v | quote }}
{{- end }}
{{- end }}
topologyKey: {{ $item.topologyKey }}
weight: 100
{{- end }}
{{- end }}

32
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/_helpers.tpl
View File

@ -1,32 +0,0 @@
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "tracing.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "tracing.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

86
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/deployment.yaml
View File

@ -1,86 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "tracing.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
selector:
matchLabels:
app: {{ .Values.provider }}
template:
metadata:
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
annotations:
sidecar.istio.io/inject: "false"
prometheus.io/scrape: "true"
prometheus.io/port: "14269"
{{- if .Values.jaeger.podAnnotations }}
{{ toYaml .Values.jaeger.podAnnotations | indent 8 }}
{{- end }}
spec:
containers:
- name: jaeger
image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
env:
{{- if eq .Values.jaeger.spanStorageType "badger" }}
- name: BADGER_EPHEMERAL
value: "false"
- name: SPAN_STORAGE_TYPE
value: "badger"
- name: BADGER_DIRECTORY_VALUE
value: "/badger/data"
- name: BADGER_DIRECTORY_KEY
value: "/badger/key"
{{- end }}
- name: COLLECTOR_ZIPKIN_HTTP_PORT
value: "9411"
- name: MEMORY_MAX_TRACES
value: "{{ .Values.jaeger.memory.max_traces }}"
- name: QUERY_BASE_PATH
value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }}
livenessProbe:
httpGet:
path: /
port: 14269
readinessProbe:
httpGet:
path: /
port: 14269
{{- if eq .Values.jaeger.spanStorageType "badger" }}
volumeMounts:
- name: data
mountPath: /badger
{{- end }}
resources:
{{- if .Values.jaeger.resources }}
{{ toYaml .Values.jaeger.resources | indent 12 }}
{{- else }}
{{ toYaml .Values.global.defaultResources | indent 12 }}
{{- end }}
affinity:
{{- include "nodeAffinity" . | indent 6 }}
{{- include "podAntiAffinity" . | indent 6 }}
{{- if .Values.global.rbac.pspEnabled }}
securityContext:
runAsNonRoot: true
runAsUser: 1000
serviceAccountName: {{ include "tracing.fullname" . }}
{{- end }}
{{- if eq .Values.jaeger.spanStorageType "badger" }}
volumes:
- name: data
{{- if .Values.jaeger.persistentVolumeClaim.enabled }}
persistentVolumeClaim:
claimName: istio-jaeger-pvc
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}

86
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/psp.yaml
View File

@ -1,86 +0,0 @@
{{- if .Values.global.rbac.pspEnabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "tracing.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "tracing.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "tracing.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "tracing.fullname" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "tracing.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
rules:
- apiGroups:
- policy
resourceNames:
- {{ include "tracing.fullname" . }}
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "tracing.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
allowPrivilegeEscalation: false
forbiddenSysctls:
- '*'
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
requiredDropCapabilities:
- ALL
runAsUser:
rule: MustRunAsNonRoot
runAsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- emptyDir
- secret
- persistentVolumeClaim
{{- end }}

16
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/pvc.yaml
View File

@ -1,16 +0,0 @@
{{- if .Values.jaeger.persistentVolumeClaim.enabled }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: istio-jaeger-pvc
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
spec:
storageClassName: {{ .Values.jaeger.storageClassName }}
accessModes:
- {{ .Values.jaeger.accessMode }}
resources:
requests:
storage: {{.Values.jaeger.persistentVolumeClaim.storage }}
{{- end }}

63
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/service.yaml
View File

@ -1,63 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: tracing
namespace: {{ .Release.Namespace }}
annotations:
{{- range $key, $val := .Values.service.annotations }}
{{ $key }}: {{ $val | quote }}
{{- end }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.service.type }}
ports:
- name: {{ .Values.service.name }}
port: {{ .Values.service.externalPort }}
protocol: TCP
targetPort: 16686
selector:
app: {{ .Values.provider }}
---
# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin.
apiVersion: v1
kind: Service
metadata:
name: zipkin
namespace: {{ .Release.Namespace }}
labels:
name: zipkin
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
ports:
- name: {{ .Values.service.name }}
port: {{ .Values.zipkin.queryPort }}
targetPort: {{ .Values.zipkin.queryPort }}
selector:
app: {{ .Values.provider }}
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-collector
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.provider }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: ClusterIP
ports:
- name: jaeger-collector-http
port: 14268
targetPort: 14268
protocol: TCP
- name: jaeger-collector-grpc
port: 14250
targetPort: 14250
protocol: TCP
selector:
app: {{ .Values.provider }}

44
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/values.yaml
View File

@ -1,44 +0,0 @@
provider: jaeger
contextPath: ""
nodeSelector: {}
podAntiAffinityLabelSelector: []
podAntiAffinityTermLabelSelector: []
nameOverride: ""
fullnameOverride: ""
global:
cattle:
systemDefaultRegistry: ""
defaultResources: {}
imagePullPolicy: IfNotPresent
imagePullSecrets: []
arch:
amd64: 2
s390x: 2
ppc64le: 2
defaultNodeSelector: {}
rbac:
pspEnabled: false
jaeger:
repository: rancher/mirrored-jaegertracing-all-in-one
tag: 1.20.0
# spanStorageType value can be "memory" and "badger" for all-in-one image
spanStorageType: badger
resources:
requests:
cpu: 10m
persistentVolumeClaim:
enabled: false
storage: 5Gi
storageClassName: ""
accessMode: ReadWriteMany
memory:
max_traces: 50000
zipkin:
queryPort: 9411
service:
annotations: {}
name: http-query
type: ClusterIP
externalPort: 16686

82
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/configs/istio-base.yaml
View File

@ -1,82 +0,0 @@
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
components:
base:
enabled: {{ .Values.base.enabled }}
cni:
enabled: {{ .Values.cni.enabled }}
egressGateways:
- enabled: {{ .Values.egressGateways.enabled }}
name: istio-egressgateway
ingressGateways:
- enabled: {{ .Values.ingressGateways.enabled }}
name: istio-ingressgateway
k8s:
service:
ports:
- name: status-port
port: 15021
targetPort: 15021
- name: http2
port: 80
targetPort: 8080
nodePort: 31380
- name: https
port: 443
targetPort: 8443
nodePort: 31390
- name: tcp
port: 31400
targetPort: 31400
nodePort: 31400
- name: tls
port: 15443
targetPort: 15443
istiodRemote:
enabled: {{ .Values.istiodRemote.enabled }}
pilot:
enabled: {{ .Values.pilot.enabled }}
hub: {{ .Values.systemDefaultRegistry | default "docker.io" }}
profile: default
tag: {{ .Values.tag }}
revision: {{ .Values.revision }}
meshConfig:
defaultConfig:
proxyMetadata:
{{- if .Values.dns.enabled }}
ISTIO_META_DNS_CAPTURE: "true"
{{- end }}
values:
gateways:
istio-egressgateway:
name: istio-egressgateway
type: {{ .Values.egressGateways.type }}
istio-ingressgateway:
name: istio-ingressgateway
type: {{ .Values.ingressGateways.type }}
global:
istioNamespace: {{ template "istio.namespace" . }}
proxy:
image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}
proxy_init:
image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}
{{- if .Values.global.defaultPodDisruptionBudget.enabled }}
defaultPodDisruptionBudget:
enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }}
{{- end }}
{{- if .Values.pilot.enabled }}
pilot:
image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }}
{{- end }}
telemetry:
enabled: {{ .Values.telemetry.enabled }}
v2:
enabled: {{ .Values.telemetry.v2.enabled }}
{{- if .Values.cni.enabled }}
cni:
image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }}
excludeNamespaces:
{{- toYaml .Values.cni.excludeNamespaces | nindent 8 }}
logLevel: {{ .Values.cni.logLevel }}
{{- end }}

7
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/requirements.yaml
View File

@ -1,7 +0,0 @@
dependencies:
- condition: kiali.enabled
name: kiali
repository: file://./charts/kiali
- condition: tracing.enabled
name: tracing
repository: file://./charts/tracing

37
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/samples/overlay-example.yaml
View File

@ -1,37 +0,0 @@
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
components:
ingressGateways:
- enabled: true
name: ilb-gateway
namespace: user-ingressgateway-ns
k8s:
resources:
requests:
cpu: 200m
service:
ports:
- name: tcp-citadel-grpc-tls
port: 8060
targetPort: 8060
- name: tcp-dns
port: 5353
serviceAnnotations:
cloud.google.com/load-balancer-type: internal
- enabled: true
name: other-gateway
namespace: cattle-istio-system
k8s:
resources:
requests:
cpu: 200m
service:
ports:
- name: tcp-citadel-grpc-tls
port: 8060
targetPort: 8060
- name: tcp-dns
port: 5353
serviceAnnotations:
cloud.google.com/load-balancer-type: internal

12
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/_helpers.tpl
View File

@ -1,12 +0,0 @@
{{/* Ensure namespace is set the same everywhere */}}
{{- define "istio.namespace" -}}
{{- .Release.Namespace | default "istio-system" -}}
{{- end -}}
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}

43
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/admin-role.yaml
View File

@ -1,43 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: istio-admin
namespace: {{ template "istio.namespace" . }}
rules:
- apiGroups:
- config.istio.io
resources:
- adapters
- attributemanifests
- handlers
- httpapispecbindings
- httpapispecs
- instances
- quotaspecbindings
- quotaspecs
- rules
- templates
verbs: ["get", "watch", "list"]
- apiGroups:
- networking.istio.io
resources:
- destinationrules
- envoyfilters
- gateways
- serviceentries
- sidecars
- virtualservices
- workloadentries
verbs:
- '*'
- apiGroups:
- security.istio.io
resources:
- authorizationpolicies
- peerauthentications
- requestauthentications
verbs:
- '*'

7
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/base-config-map.yaml
View File

@ -1,7 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-installer-base
namespace: {{ template "istio.namespace" . }}
data:
{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}

126
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/clusterrole.yaml
View File

@ -1,126 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: istio-installer
rules:
# istio groups
- apiGroups:
- authentication.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- config.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- install.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- networking.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- rbac.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- security.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- telemetry.istio.io
resources:
- '*'
verbs:
- '*'
# k8s groups
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions.apiextensions.k8s.io
- customresourcedefinitions
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- daemonsets
- deployments
- deployments/finalizers
- ingresses
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
verbs:
- '*'
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- events
- namespaces
- pods
- pods/exec
- persistentvolumeclaims
- secrets
- services
- serviceaccounts
verbs:
- '*'
- apiGroups:
- policy
resourceNames:
- istio-installer
resources:
- podsecuritypolicies
verbs:
- use

12
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/clusterrolebinding.yaml
View File

@ -1,12 +0,0 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: istio-installer
subjects:
- kind: ServiceAccount
name: istio-installer
namespace: {{ template "istio.namespace" . }}
roleRef:
kind: ClusterRole
name: istio-installer
apiGroup: rbac.authorization.k8s.io

43
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/edit-role.yaml
View File

@ -1,43 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
namespace: {{ template "istio.namespace" . }}
name: istio-edit
rules:
- apiGroups:
- config.istio.io
resources:
- adapters
- attributemanifests
- handlers
- httpapispecbindings
- httpapispecs
- instances
- quotaspecbindings
- quotaspecs
- rules
- templates
verbs: ["get", "watch", "list"]
- apiGroups:
- networking.istio.io
resources:
- destinationrules
- envoyfilters
- gateways
- serviceentries
- sidecars
- virtualservices
- workloadentries
verbs:
- '*'
- apiGroups:
- security.istio.io
resources:
- authorizationpolicies
- peerauthentications
- requestauthentications
verbs:
- '*'

51
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-cni-psp.yaml
View File

@ -1,51 +0,0 @@
{{- if .Values.global.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: psp-istio-cni
namespace: {{ template "istio.namespace" . }}
spec:
allowPrivilegeEscalation: true
fsGroup:
rule: RunAsAny
hostNetwork: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- secret
- configMap
- emptyDir
- hostPath
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: psp-istio-cni
namespace: {{ template "istio.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: psp-istio-cni
subjects:
- kind: ServiceAccount
name: istio-cni
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: psp-istio-cni
namespace: {{ template "istio.namespace" . }}
rules:
- apiGroups:
- policy
resourceNames:
- psp-istio-cni
resources:
- podsecuritypolicies
verbs:
- use
{{- end }}

66
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-install-job.yaml
View File

@ -1,66 +0,0 @@
apiVersion: batch/v1
kind: Job
metadata:
name: istioctl-installer
namespace: {{ template "istio.namespace" . }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
backoffLimit: 1
template:
spec:
{{- if .Values.installer.releaseMirror.enabled }}
hostAliases:
- ip: "127.0.0.1"
hostnames:
- "github.com"
{{- end }}
containers:
- name: istioctl-installer
image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
env:
- name: RELEASE_NAME
value: {{ .Release.Name }}
- name: ISTIO_NAMESPACE
value: {{ template "istio.namespace" . }}
- name: FORCE_INSTALL
value: {{ .Values.forceInstall | default "false" | quote }}
- name: RELEASE_MIRROR_ENABLED
value: {{ .Values.installer.releaseMirror.enabled | quote }}
- name: SECONDS_SLEEP
value: {{ .Values.installer.debug.secondsSleep | quote}}
command: ["/bin/sh","-c"]
args: ["/usr/local/app/scripts/run.sh"]
volumeMounts:
- name: config-volume
mountPath: /app/istio-base.yaml
subPath: istio-base.yaml
{{- if .Values.overlayFile }}
- name: overlay-volume
mountPath: /app/overlay-config.yaml
subPath: overlay-config.yaml
{{- end }}
{{- if .Values.installer.releaseMirror.additionalIstioImage.enabled }}
- name: {{ .Values.installer.releaseMirror.additionalIstioImage.volumeMountName }}
mountPath: /opt/istio-releases/{{ .Values.installer.releaseMirror.additionalIstioImage.tag }}/istio-{{ .Values.installer.releaseMirror.additionalIstioImage.tag }}-linux-amd64.tar.gz
subPath: istio-{{ .Values.installer.releaseMirror.additionalIstioImage.tag }}-linux-amd64.tar.gz
{{- end }}
volumes:
- name: config-volume
configMap:
name: istio-installer-base
{{- if .Values.overlayFile }}
- name: overlay-volume
configMap:
name: istio-installer-overlay
{{- end }}
{{- if .Values.installer.releaseMirror.additionalIstioImage.enabled }}
{{ toYaml .Values.installer.releaseMirror.additionalIstioImage.volumes | indent 8 }}
{{- end }}
serviceAccountName: istio-installer
securityContext:
runAsUser: 101
runAsGroup: 101
restartPolicy: Never

30
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-install-psp.yaml
View File

@ -1,30 +0,0 @@
{{- if .Values.global.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: istio-installer
namespace: {{ template "istio.namespace" . }}
spec:
privileged: false
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'MustRunAsNonRoot'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: false
volumes:
- 'configMap'
- 'secret'
{{- end }}

81
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-psp.yaml
View File

@ -1,81 +0,0 @@
{{- if .Values.global.rbac.pspEnabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: istio-psp
namespace: {{ template "istio.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: istio-psp
subjects:
- kind: ServiceAccount
name: istio-egressgateway-service-account
- kind: ServiceAccount
name: istio-ingressgateway-service-account
- kind: ServiceAccount
name: istio-mixer-service-account
- kind: ServiceAccount
name: istio-operator-authproxy
- kind: ServiceAccount
name: istiod-service-account
- kind: ServiceAccount
name: istio-sidecar-injector-service-account
- kind: ServiceAccount
name: istiocoredns-service-account
- kind: ServiceAccount
name: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: istio-psp
namespace: {{ template "istio.namespace" . }}
rules:
- apiGroups:
- policy
resourceNames:
- istio-psp
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: istio-psp
namespace: {{ template "istio.namespace" . }}
spec:
allowPrivilegeEscalation: false
forbiddenSysctls:
- '*'
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
requiredDropCapabilities:
- ALL
runAsUser:
rule: MustRunAsNonRoot
runAsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
{{- end }}

45
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-uninstall-job.yaml
View File

@ -1,45 +0,0 @@
apiVersion: batch/v1
kind: Job
metadata:
name: istioctl-uninstaller
namespace: {{ template "istio.namespace" . }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
spec:
containers:
- name: istioctl-uninstaller
image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
env:
- name: RELEASE_NAME
value: {{ .Release.Name }}
- name: ISTIO_NAMESPACE
value: {{ template "istio.namespace" . }}
command: ["/bin/sh","-c"]
args: ["/usr/local/app/scripts/uninstall_istio_system.sh"]
volumeMounts:
- name: config-volume
mountPath: /app/istio-base.yaml
subPath: istio-base.yaml
{{- if .Values.overlayFile }}
- name: overlay-volume
mountPath: /app/overlay-config.yaml
subPath: overlay-config.yaml
{{ end }}
volumes:
- name: config-volume
configMap:
name: istio-installer-base
{{- if .Values.overlayFile }}
- name: overlay-volume
configMap:
name: istio-installer-overlay
{{ end }}
serviceAccountName: istio-installer
securityContext:
runAsUser: 101
runAsGroup: 101
restartPolicy: OnFailure

9
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/overlay-config-map.yaml
View File

@ -1,9 +0,0 @@
{{- if .Values.overlayFile }}
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-installer-overlay
namespace: {{ template "istio.namespace" . }}
data:
overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }}
{{- end }}

51
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/service-monitors.yaml
View File

@ -1,51 +0,0 @@
{{- if .Values.kiali.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: envoy-stats-monitor
namespace: {{ template "istio.namespace" . }}
labels:
monitoring: istio-proxies
spec:
selector:
matchExpressions:
- {key: istio-prometheus-ignore, operator: DoesNotExist}
namespaceSelector:
any: true
jobLabel: envoy-stats
endpoints:
- path: /stats/prometheus
targetPort: 15090
interval: 15s
relabelings:
- sourceLabels: [__meta_kubernetes_pod_container_port_name]
action: keep
regex: '.*-envoy-prom'
- action: labeldrop
regex: "__meta_kubernetes_pod_label_(.+)"
- sourceLabels: [__meta_kubernetes_namespace]
action: replace
targetLabel: namespace
- sourceLabels: [__meta_kubernetes_pod_name]
action: replace
targetLabel: pod_name
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: istio-component-monitor
namespace: {{ template "istio.namespace" . }}
labels:
monitoring: istio-components
spec:
jobLabel: istio
targetLabels: [app]
selector:
matchExpressions:
- {key: istio, operator: In, values: [pilot]}
namespaceSelector:
any: true
endpoints:
- port: http-monitoring
interval: 15s
{{- end -}}

5
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/serviceaccount.yaml
View File

@ -1,5 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: istio-installer
namespace: {{ template "istio.namespace" . }}

41
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/view-role.yaml
View File

@ -1,41 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
namespace: {{ template "istio.namespace" . }}
name: istio-view
rules:
- apiGroups:
- config.istio.io
resources:
- adapters
- attributemanifests
- handlers
- httpapispecbindings
- httpapispecs
- instances
- quotaspecbindings
- quotaspecs
- rules
- templates
verbs: ["get", "watch", "list"]
- apiGroups:
- networking.istio.io
resources:
- destinationrules
- envoyfilters
- gateways
- serviceentries
- sidecars
- virtualservices
- workloadentries
verbs: ["get", "watch", "list"]
- apiGroups:
- security.istio.io
resources:
- authorizationpolicies
- peerauthentications
- requestauthentications
verbs: ["get", "watch", "list"]

100
charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/values.yaml
View File

@ -1,100 +0,0 @@
overlayFile: ""
tag: 1.10.4
##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install
forceInstall: false
installer:
repository: rancher/istio-installer
tag: 1.10.4-rancher5
##releaseMirror are configurations for istio upgrades.
##Setting releaseMirror.enabled: true will cause istio to use bundled in images from rancher/istio-installer to perfom an upgrade - this is ideal
##for airgap setups. Setting releaseMirror.enabled to false means istio will call externally to github to fetch the required assets.
releaseMirror:
enabled: false
##If the image you need is not packaged with the rancher/istio-installer, create a volume mount with the istio-{{ .Values.installer.additionalIstioImage.tag }}-linux-amd64.tar.gz
##file in it and set the additionalIstioImage values to connect to the volume prior to installing/upgrading your rancher-istio chart.
additionalIstioImage:
enabled: false
volumeMountName: rancher-istio-additional-image
volumes:
- name: rancher-istio-additional-image
persistentVolumeClaim:
claimName: rancher-istio-additional-image
readOnly: false
tag: 1.10.4
##Set the secondsSleep to run a sleep command `sleep <secondsSleep>s` to allow time to exec into istio-installer pod for debugging
debug:
secondsSleep: 0
##Native support for dns added in 1.8
dns:
enabled: false
base:
enabled: true
cni:
enabled: false
repository: rancher/mirrored-istio-install-cni
tag: 1.10.4
logLevel: info
excludeNamespaces:
- istio-system
- kube-system
egressGateways:
enabled: false
type: NodePort
ingressGateways:
enabled: true
type: NodePort
istiodRemote:
enabled: false
pilot:
enabled: true
repository: rancher/mirrored-istio-pilot
tag: 1.10.4
telemetry:
enabled: true
v2:
enabled: true
global:
cattle:
systemDefaultRegistry: ""
proxy:
repository: rancher/mirrored-istio-proxyv2
tag: 1.10.4
proxy_init:
repository: rancher/mirrored-istio-proxyv2
tag: 1.10.4
defaultPodDisruptionBudget:
enabled: true
rbac:
pspEnabled: true
# Kiali subchart from rancher-kiali-server
kiali:
enabled: true
auth:
strategy: anonymous
deployment:
ingress_enabled: false
external_services:
prometheus:
custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090"
url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090"
tracing:
in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger"
grafana:
in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80"
url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80"
tracing:
enabled: false
contextPath: "/jaeger"

34
index.yaml
View File

@ -2489,40 +2489,6 @@ entries:
urls: urls:
- assets/rancher-istio/rancher-istio-100.1.0+up1.11.4.tgz - assets/rancher-istio/rancher-istio-100.1.0+up1.11.4.tgz
version: 100.1.0+up1.11.4 version: 100.1.0+up1.11.4
- annotations:
catalog.cattle.io/auto-install: rancher-kiali-server-crd=100.0.0+up1.35.0
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Istio
catalog.cattle.io/namespace: istio-system
catalog.cattle.io/os: linux
catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1
catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.99-0'
catalog.cattle.io/release-name: rancher-istio
catalog.cattle.io/requests-cpu: 710m
catalog.cattle.io/requests-memory: 2314Mi
catalog.cattle.io/type: cluster-tool
catalog.cattle.io/ui-component: istio
apiVersion: v1
appVersion: 1.10.4
created: "2021-10-28T13:35:09.130005-07:00"
dependencies:
- condition: kiali.enabled
name: kiali
repository: file://./charts/kiali
- condition: tracing.enabled
name: tracing
repository: file://./charts/tracing
description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/
for details.
digest: f73e121f0af2903a5e51fd2b123045263da18ac8627b376c0dce49f6730dab26
icon: https://charts.rancher.io/assets/logos/istio.svg
keywords:
- networking
- infrastructure
name: rancher-istio
urls:
- assets/rancher-istio/rancher-istio-100.0.3+up1.10.4.tgz
version: 100.0.3+up1.10.4
- annotations: - annotations:
catalog.cattle.io/auto-install: rancher-kiali-server-crd=100.0.0+up1.35.0 catalog.cattle.io/auto-install: rancher-kiali-server-crd=100.0.0+up1.35.0
catalog.cattle.io/certified: rancher catalog.cattle.io/certified: rancher