Skip to content

Commit

Permalink
robot: project gateway chart upgrades from 1.17.1 to 1.23.3
Browse files Browse the repository at this point in the history
Signed-off-by: robot <[email protected]>
  • Loading branch information
robot committed Nov 6, 2024
1 parent 88c224b commit 2d979aa
Show file tree
Hide file tree
Showing 26 changed files with 1,141 additions and 527 deletions.
2 changes: 1 addition & 1 deletion charts/gateway/config
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ export USE_OPENSOURCE_CHART=false
export REPO_URL=https://istio-release.storage.googleapis.com/charts
export REPO_NAME=istio
export CHART_NAME=gateway
export VERSION=1.17.1
export VERSION=1.23.3

# pr, issue, none
export UPGRADE_METHOD=pr
Expand Down
8 changes: 4 additions & 4 deletions charts/gateway/gateway/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
apiVersion: v2
appVersion: 1.17.1
appVersion: 1.23.3
description: Helm chart for deploying Istio gateways
icon: https://istio.io/latest/favicons/android-192x192.png
keywords:
- istio
- gateways
name: gateway
sources:
- http://github.com/istio/istio
- https://github.com/istio/istio
type: application
version: 1.17.1
version: 1.23.3
dependencies:
- name: gateway
version: "1.17.1"
version: "1.23.3"
repository: "https://istio-release.storage.googleapis.com/charts"
22 changes: 22 additions & 0 deletions charts/gateway/gateway/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,28 @@ To view support configuration options and documentation, run:
helm show values istio/gateway
```

### Profiles

Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets.
These can be set with `--set profile=<profile>`.
For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements.

For consistency, the same profiles are used across each chart, even if they do not impact a given chart.

Explicitly set values have highest priority, then profile settings, then chart defaults.

As an implementation detail of profiles, the default values for the chart are all nested under `defaults`.
When configuring the chart, you should not include this.
That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`.

### OpenShift

When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example:

```console
helm install istio-ingressgateway istio/gateway --set profile=openshift
```

### `image: auto` Information

The image used by the chart, `auto`, may be unintuitive.
Expand Down
6 changes: 3 additions & 3 deletions charts/gateway/gateway/charts/gateway/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
apiVersion: v2
appVersion: 1.17.1
appVersion: 1.23.3
description: Helm chart for deploying Istio gateways
icon: https://istio.io/latest/favicons/android-192x192.png
keywords:
- istio
- gateways
name: gateway
sources:
- http://github.com/istio/istio
- https://github.com/istio/istio
type: application
version: 1.17.1
version: 1.23.3
22 changes: 22 additions & 0 deletions charts/gateway/gateway/charts/gateway/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,28 @@ To view support configuration options and documentation, run:
helm show values istio/gateway
```

### Profiles

Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets.
These can be set with `--set profile=<profile>`.
For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements.

For consistency, the same profiles are used across each chart, even if they do not impact a given chart.

Explicitly set values have highest priority, then profile settings, then chart defaults.

As an implementation detail of profiles, the default values for the chart are all nested under `defaults`.
When configuring the chart, you should not include this.
That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`.

### OpenShift

When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example:

```console
helm install istio-ingressgateway istio/gateway --set profile=openshift
```

### `image: auto` Information

The image used by the chart, `auto`, may be unintuitive.
Expand Down
20 changes: 20 additions & 0 deletions charts/gateway/gateway/charts/gateway/files/profile-ambient.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
# The original version of this file is located at /manifests/helm-profiles directory.
# If you want to make a change in this file, edit the original one and run "make gen".

# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed
meshConfig:
defaultConfig:
proxyMetadata:
ISTIO_META_ENABLE_HBONE: "true"
global:
variant: distroless
pilot:
env:
PILOT_ENABLE_AMBIENT: "true"
cni:
ambient:
enabled: true

# Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel
variant: distroless
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
# The original version of this file is located at /manifests/helm-profiles directory.
# If you want to make a change in this file, edit the original one and run "make gen".

pilot:
env:
# 1.21 behavioral changes
ENABLE_EXTERNAL_NAME_ALIAS: "false"
PERSIST_OLDEST_FIRST_HEURISTIC_FOR_VIRTUAL_SERVICE_HOST_MATCHING: "true"
VERIFY_CERTIFICATE_AT_CLIENT: "false"
ENABLE_AUTO_SNI: "false"

# 1.22 behavioral changes
ENABLE_ENHANCED_RESOURCE_SCOPING: "false"
ENABLE_RESOLUTION_NONE_TARGET_PORT: "false"

meshConfig:
defaultConfig:
proxyMetadata:
# 1.22 behavioral changes
ISTIO_DELTA_XDS: "false"
# 1.23 behavioral changes
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
tracing:
zipkin:
address: zipkin.istio-system:9411
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
# The original version of this file is located at /manifests/helm-profiles directory.
# If you want to make a change in this file, edit the original one and run "make gen".

pilot:
env:
# 1.22 behavioral changes
ENABLE_ENHANCED_RESOURCE_SCOPING: "false"
ENABLE_RESOLUTION_NONE_TARGET_PORT: "false"

# 1.23 behavioral changes
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"

meshConfig:
# 1.22 behavioral changes
defaultConfig:
proxyMetadata:
ISTIO_DELTA_XDS: "false"
# 1.23 behavioral changes
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
tracing:
zipkin:
address: zipkin.istio-system:9411
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
# The original version of this file is located at /manifests/helm-profiles directory.
# If you want to make a change in this file, edit the original one and run "make gen".

pilot:
env:
# 1.23 behavioral changes
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"

meshConfig:
defaultConfig:
proxyMetadata:
# 1.22 behavioral changes
ENABLE_DEFERRED_CLUSTER_CREATION: "false"
# 1.23 behavioral changes
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
73 changes: 73 additions & 0 deletions charts/gateway/gateway/charts/gateway/files/profile-demo.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
# The original version of this file is located at /manifests/helm-profiles directory.
# If you want to make a change in this file, edit the original one and run "make gen".

# The demo profile enables a variety of things to try out Istio in non-production environments.
# * Lower resource utilization.
# * Some additional features are enabled by default; especially ones used in some tasks in istio.io.
# * More ports enabled on the ingress, which is used in some tasks.
meshConfig:
accessLogFile: /dev/stdout
extensionProviders:
- name: otel
envoyOtelAls:
service: opentelemetry-collector.observability.svc.cluster.local
port: 4317
- name: skywalking
skywalking:
service: tracing.istio-system.svc.cluster.local
port: 11800
- name: otel-tracing
opentelemetry:
port: 4317
service: opentelemetry-collector.observability.svc.cluster.local

global:
proxy:
resources:
requests:
cpu: 10m
memory: 40Mi

pilot:
autoscaleEnabled: false
traceSampling: 100
resources:
requests:
cpu: 10m
memory: 100Mi

gateways:
istio-egressgateway:
autoscaleEnabled: false
resources:
requests:
cpu: 10m
memory: 40Mi
istio-ingressgateway:
autoscaleEnabled: false
ports:
## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces.
# Note that AWS ELB will by default perform health checks on the first port
# on this list. Setting this to the health check port will ensure that health
# checks always work. https://github.com/istio/istio/issues/12503
- port: 15021
targetPort: 15021
name: status-port
- port: 80
targetPort: 8080
name: http2
- port: 443
targetPort: 8443
name: https
- port: 31400
targetPort: 31400
name: tcp
# This is the port where sni routing happens
- port: 15443
targetPort: 15443
name: tls
resources:
requests:
cpu: 10m
memory: 40Mi
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
# The original version of this file is located at /manifests/helm-profiles directory.
# If you want to make a change in this file, edit the original one and run "make gen".

meshConfig:
defaultConfig:
proxyMetadata:
ISTIO_META_ENABLE_HBONE: "true"
global:
platform: openshift
cni:
ambient:
enabled: true
cniBinDir: /var/lib/cni/bin
cniConfDir: /etc/cni/multus/net.d
chained: false
cniConfFileName: "istio-cni.conf"
logLevel: info
provider: "multus"
pilot:
cni:
enabled: true
provider: "multus"
variant: distroless
env:
PILOT_ENABLE_AMBIENT: "true"
# Allow sidecars/ingress to send/receive HBONE. This is required for interop.
PILOT_ENABLE_SENDING_HBONE: "true"
PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true"
platform: openshift
variant: distroless
seLinuxOptions:
type: spc_t
20 changes: 20 additions & 0 deletions charts/gateway/gateway/charts/gateway/files/profile-openshift.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
# The original version of this file is located at /manifests/helm-profiles directory.
# If you want to make a change in this file, edit the original one and run "make gen".

# The OpenShift profile provides a basic set of settings to run Istio on OpenShift
# CNI must be installed.
cni:
cniBinDir: /var/lib/cni/bin
cniConfDir: /etc/cni/multus/net.d
chained: false
cniConfFileName: "istio-cni.conf"
logLevel: info
provider: "multus"
global:
platform: openshift
pilot:
cni:
enabled: true
provider: "multus"
platform: openshift
13 changes: 13 additions & 0 deletions charts/gateway/gateway/charts/gateway/files/profile-preview.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
# The original version of this file is located at /manifests/helm-profiles directory.
# If you want to make a change in this file, edit the original one and run "make gen".

# The preview profile contains features that are experimental.
# This is intended to explore new features coming to Istio.
# Stability, security, and performance are not guaranteed - use at your own risk.
meshConfig:
defaultConfig:
proxyMetadata:
# Enable Istio agent to handle DNS requests for known hosts
# Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf
ISTIO_META_DNS_CAPTURE: "true"
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
# The original version of this file is located at /manifests/helm-profiles directory.
# If you want to make a change in this file, edit the original one and run "make gen".

# The stable profile deploys admission control to ensure that only stable resources and fields are used
# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE
experimental:
stableValidationPolicy: true
4 changes: 2 additions & 2 deletions charts/gateway/gateway/charts/gateway/templates/NOTES.txt
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
"{{ include "gateway.name" . }}" successfully installed!

To learn more about the release, try:
$ helm status {{ .Release.Name }}
$ helm get all {{ .Release.Name }}
$ helm status {{ .Release.Name }} -n {{ .Release.Namespace }}
$ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }}

Next steps:
* Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/
Expand Down
Loading

0 comments on commit 2d979aa

Please sign in to comment.