diff --git a/packages/citrix-cpx-istio-sidecar-injector/generated-changes/overlay/app-readme.md b/packages/citrix-cpx-istio-sidecar-injector/generated-changes/overlay/app-readme.md new file mode 100644 index 000000000..aa16d2136 --- /dev/null +++ b/packages/citrix-cpx-istio-sidecar-injector/generated-changes/overlay/app-readme.md @@ -0,0 +1,28 @@ +# Citrix ADC as a Sidecar for Istio + +Citrix ADC [CPX](https://docs.citrix.com/en-us/citrix-adc-cpx) can act as a sidecar proxy to an application container in Istio. You can inject the Citrix ADC CPX manually or automatically using the [Istio sidecar injector](https://istio.io/docs/setup/additional-setup/sidecar-injection/). + + +### Prerequisites + +The following prerequisites are required for deploying Citrix ADC as a sidecar in an application pod + +- Ensure that **Istio** is enabled. +- Ensure that your cluster has Kubernetes version 1.16.0 or later. +- Ensure the [Kubernetes controller manager](https://rancher.com/docs/rke/latest/en/config-options/services/#kubernetes-controller-manager)’s default certificate signer is enabled. + +**Note**: For RKE based cluster, extra arguments need to be provided for kube-controller service. +```services: + kube-controller: + extra_args: + cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem" + cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem" +``` +For detailed information follow this [link](https://github.com/citrix/citrix-xds-adaptor/blob/master/docs/istio-integration/rancher-provisioned-cluster.md) + +### Important NOTE: + - We should not **Enable Istio Auto Injection** on Application namespace. + - The cpx-injection=enabled label is mandatory for injecting sidecars. + - An example to deploy application along with Citrix ADC CPX sidecar is provided [here](https://github.com/citrix/citrix-helm-charts/blob/master/examples/citrix-adc-in-istio/README.md). + +This catalog create resources required for automatically deploying Citrix ADC CPX as a sidecar proxy.For detailed information follow this [link](https://github.com/citrix/citrix-helm-charts/tree/master/citrix-cpx-istio-sidecar-injector) diff --git a/packages/citrix-cpx-istio-sidecar-injector/generated-changes/overlay/questions.yml b/packages/citrix-cpx-istio-sidecar-injector/generated-changes/overlay/questions.yml new file mode 100644 index 000000000..18483b84a --- /dev/null +++ b/packages/citrix-cpx-istio-sidecar-injector/generated-changes/overlay/questions.yml @@ -0,0 +1,291 @@ +labels: + io.rancher.certified: partner +questions: +- variable: xDSAdaptor.image + required: true + type: string + default: "quay.io/citrix/citrix-xds-adaptor:0.9.9" + description: "xds-adaptor Image to be used" + label: xDSAdaptor Image + group: "xDSAdaptor Settings" +- variable: xDSAdaptor.imagePullPolicy + required: true + type: enum + default: IfNotPresent + description: "Istio-adaptor Image pull policy" + label: istioAdaptor imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + group: "xDSAdaptor Settings" +- variable: xDSAdaptor.proxyType + required: true + type: string + default: true + label: xDSAdaptor proxyType + description: "xDSAdaptor proxyType type set to router by default" + group: "xDSAdaptor Settings" +- variable: xDSAdaptor.secureConnect + required: false + type: boolean + default: true + label: xDSAdaptor secureConnect + description: "xDSAdaptor establishes secure gRPC channel with Istio Pilot, if value is set to true" + group: "xDSAdaptor Settings" +- variable: xDSAdaptor.logLevel + required: false + type: enum + default: DEBUG + label: xDSAdaptor logLevel + description: "xDSAdaptor logLevel" + options: + - "TRACE" + - "DEBUG" + - "INFO" + - "WARN" + - "ERROR" + group: "xDSAdaptor Settings" +- variable: xDSAdaptor.jsonLog + required: false + type: string + default: "true" + label: xDSAdaptor jsonLog + description: "Set this argument to true if log messages are required in JSON format" + group: "xDSAdaptor Settings" +- variable: coe.coeURL + required: false + type: string + label: coe coeURL + description: "Name of Citrix Observability Exporter Service" + group: "COE Settings" +- variable: coe.coeTracing + required: false + type: boolean + label: coe coeTracing + description: "Used to send appflow transactions to Zipkin endpoint,if true ADM servicegraph (if configured) can be impacted" + group: "COE Settings" +- variable: istioPilot.name + required: true + type: string + default: istio-pilot + label: istio-pilot name + group: "istio-pilot Settings" +- variable: istioPilot.namespace + required: true + type: string + default: istio-system + label: istio-pilot namespace + description: "Name of the Istio Pilot service" + group: "istio-pilot Settings" +- variable: istioPilot.secureGrpcPort + required: true + type: int + default: 15011 + description: "Secure GRPC port where Istio Pilot is listening" + label: istio-pilot secureGrpcPort + show_if: "xDSAdaptor.secureConnect=true" + group: "istio-pilot Settings" +- variable: istioPilot.insecureGrpcPort + required: true + type: int + default: 15010 + label: istio-pilot insecureGrpcPort + description: "Insecure GRPC port where Istio Pilot is listening" + show_if: "xDSAdaptor.secureConnect=false" + group: "istio-pilot Settings" +- variable: istioPilot.SAN + required: false + type: string + default: + label: istio-pilot SAN + description: "Subject alternative name for Istio Pilot which is (SPIFFE) ID of Istio Pilot" + show_if: "xDSAdaptor.secureConnect=true" + group: "istio-pilot Settings" +- variable: certProvider.caAddr + required: true + type: string + default: "istiod.istio-system.svc" + label: certProvider caAddr + description: "Certificate Authority (CA) address issuing certificate to application" + group: "certProvider Settings" +- variable: certProvider.caPort + required: true + type: int + default: 15012 + label: certProvider caPort + description: "Certificate Authority (CA) port issuing certificate to application" + group: "certProvider Settings" +- variable: certProvider.trustDomain + required: true + type: string + default: "cluster.local" + label: certProvider trustDomain + description: "SPIFFE Trust Domain" + group: "certProvider Settings" +- variable: certProvider.certTTLinHours + required: true + type: int + default: 720 + label: certProvider certTTLinHours + description: "Validity of certificate generated by xds-adaptor and signed by Istiod (Istio Citadel) in hours." + group: "certProvider Settings" +- variable: certProvider.clusterId + required: true + type: string + default: "Kubernetes" + label: certProvider clusterId + description: "clusterId is the ID of the cluster where Istiod CA instance resides (default Kubernetes). It can be different value on some cloud platforms or in m +ulticluster environments. For example, in Anthos servicemesh, it might be of the format of `cn--`. In multiCluster environments, it is the val +ue of global.multiCluster.clusterName provided during servicemesh control plane installation" + group: "certProvider Settings" +- variable: certProvider.jwtPolicy + required: true + type: enum + default: "first-party-jwt" + label: certProvider jwtPolicy + description: "Kubernetes platform supports First party tokens and Third party tokens" + options: + - "first-party-jwt" + - "third-party-jwt" +- variable: cpxProxy.netscalerUrl + required: true + type: string + default: "http://127.0.0.1" + description: "Citrix ADC CPX image used as sidecar proxy" + label: cpxProxy image + group: "cpxProxy Settings" +- variable: cpxProxy.image + required: true + type: string + default: "quay.io/citrix/citrix-k8s-cpx-ingress:13.0-79.64" + description: "Citrix ADC CPX image used as sidecar proxy" + label: cpxProxy image + group: "cpxProxy Settings" +- variable: cpxProxy.imagePullPolicy + required: true + type: enum + default: IfNotPresent + description: "cpxProxy Image pull policy" + label: cpxProxy imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + group: "cpxProxy Settings" +- variable: cpxProxy.EULA + required: true + type: enum + label: cpxProxy EULA license + options: + - "YES" + - "NO" + group: "cpxProxy Settings" +- variable: cpxProxy.cpxSidecarMode + required: true + type: string + default: "YES" + description: "Environment variable for Citrix ADC CPX. It indicates that Citrix ADC CPX is running as sidecar mode or not" + label: cpxProxy image + options: + - "YES" + - "NO" + group: "cpxProxy Settings" +- variable: cpxProxy.mgmtHttpPort + required: true + type: int + default: 10080 + label: cpxProxy mgmtHttpPort + group: "cpxProxy Settings" +- variable: cpxProxy.mgmtHttpsPort + required: true + type: int + default: 10443 + label: cpxProxy mgmtHttpsPort + group: "cpxProxy Settings" +- variable: cpxProxy.cpxDisableProbe + required: true + type: string + default: YES + description: "Environment variable for Citrix ADC CPX. It indicates that Citrix ADC CPX will disable probing dynamic services. It should be enabled for multicluster setup." + label: cpxProxy cpxDisableProbe + options: + - "YES" + - "NO" + group: "cpxProxy Settings" +- variable: sidecarWebHook.webhookImage + required: true + type: string + default: "quay.io/citrix/cpx-istio-sidecar-injector:1.0.0" + label: sidecarWebHook webhookImage + description: "webhookImage image to be used" + group: "sidecarWebHook Settings" +- variable: sidecarWebHook.imagePullPolicy + required: true + type: enum + default: IfNotPresent + label: sidecarWebHook imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + group: "sidecarWebHook Settings" +- variable: sidecarCertsGenerator.image + required: true + type: string + default: " quay.io/citrix/cpx-sidecar-injector-certgen:1.1.0" + label: sidecarWebHook webhookImage + description: "webhookImage image to be used" + group: "sidecarCertsGenerator Settings" +- variable: sidecarCertsGenerator.imagePullPolicy + required: true + type: enum + default: IfNotPresent + label: sidecarWebHook imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + group: "sidecarCertsGenerator Settings" +- variable: ADMSettings.ADMIP + required: false + type: string + default: + label: ADMSettings ADMIP + description: "Citrix Application Delivery Management (ADM) IP address" + group: "ADMSettings Settings" +- variable: ADMSettings.licenseServerIP + required: false + type: string + default: + label: ADMSettings licenseServerIP + description: "Citrix License Server IP address" + group: "ADMSettings Settings" +- variable: ADMSettings.licenseServerPort + required: false + type: int + default: 27000 + label: ADMSettings licenseServerPort + description: "Citrix ADM port if a non-default port is used" + group: "ADMSettings Settings" +- variable: ADMSettings.bandWidthLicense + required: false + type: boolean + default: false + label: ADMSettings bandWidthLicense + description: "To specify bandwidth based licensing" + group: "ADMSettings Settings" +- variable: ADMSettings.bandWidth + required: false + type: string + default: + label: ADMSettings bandWidth + description: "Desired bandwidth capacity to be set for Citrix ADC CPX in Mbps" + group: "ADMSettings Settings" +- variable: webhook.injectionLabelName + required: true + type: string + default: "cpx-injection" + label: webhook injectionLabelName + description: "Label of namespace, where automatic sidecr injection is required" + group: "webhook Settings" diff --git a/packages/citrix-cpx-istio-sidecar-injector/generated-changes/patch/Chart.yaml.patch b/packages/citrix-cpx-istio-sidecar-injector/generated-changes/patch/Chart.yaml.patch new file mode 100644 index 000000000..8f3526b2a --- /dev/null +++ b/packages/citrix-cpx-istio-sidecar-injector/generated-changes/patch/Chart.yaml.patch @@ -0,0 +1,25 @@ +--- charts-original/Chart.yaml ++++ charts/Chart.yaml +@@ -1,15 +1,21 @@ ++annotations: ++ catalog.cattle.io/certified: partner ++ catalog.cattle.io/display-name: Citrix Cpx Istio Sidecar Injector ++ catalog.cattle.io/release-name: citrix-cpx-istio-sidecar-injector + apiVersion: v2 + appVersion: 1.11.0 + description: A Helm chart to deploy resources which install Citrix ADC CPX in Istio + Service Mesh as sidecar in application pod + home: https://www.citrix.com +-icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png ++icon: https://raw.githubusercontent.com/citrix/citrix-xds-adaptor/master/docs/media/Citrix_Logo_Trademark.png + kubeVersion: '>=v1.16.0-0' + maintainers: + - email: dhiraj.gedam@citrix.com + name: dheerajng + - email: subash.dangol@citrix.com + name: subashd ++- email: ajeeta.shakeet@citrix.com ++ name: ajeetas + name: citrix-cpx-istio-sidecar-injector + sources: + - https://github.com/citrix/citrix-xds-adaptor diff --git a/packages/citrix-cpx-istio-sidecar-injector/generated-changes/patch/README.md.patch b/packages/citrix-cpx-istio-sidecar-injector/generated-changes/patch/README.md.patch new file mode 100644 index 000000000..f6a820b77 --- /dev/null +++ b/packages/citrix-cpx-istio-sidecar-injector/generated-changes/patch/README.md.patch @@ -0,0 +1,11 @@ +--- charts-original/README.md ++++ charts/README.md +@@ -163,7 +163,7 @@ + helm install cpx-sidecar-injector citrix/citrix-cpx-istio-sidecar-injector --namespace citrix-system --set cpxProxy.EULA=YES --set ADMSettings.ADMIP= + + > **Note:** +-> If container agent is being used here for Citrix ADM, specify `serviceIP` of container agent in the `ADMSettings.ADMIP` parameter. ++> If container agent is being used here for Citrix ADM, specify `PodIP` of container agent in the `ADMSettings.ADMIP` parameter. + + ## Generate Certificate for Application + diff --git a/packages/citrix-cpx-istio-sidecar-injector/package.yaml b/packages/citrix-cpx-istio-sidecar-injector/package.yaml new file mode 100644 index 000000000..7405e0d4a --- /dev/null +++ b/packages/citrix-cpx-istio-sidecar-injector/package.yaml @@ -0,0 +1,2 @@ +url: https://citrix.github.io/citrix-helm-charts/citrix-cpx-istio-sidecar-injector-1.11.0.tgz +packageVersion: 00