diff --git a/resources/istio/Chart.yaml b/resources/istio/Chart.yaml
index 650f8409b0eb..9a0e715d123f 100644
--- a/resources/istio/Chart.yaml
+++ b/resources/istio/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: istio
-version: 1.18.1
-appVersion: 1.18.1
+version: 1.19.0
+appVersion: 1.19.0
 tillerVersion: ">=2.7.2-0"
 description: Kyma 2.0 Helm chart for Istio Operator resource
 keywords:
diff --git a/resources/istio/profile-evaluation.yaml b/resources/istio/profile-evaluation.yaml
deleted file mode 100644
index d0e70e79f772..000000000000
--- a/resources/istio/profile-evaluation.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
----
-
-helmValues:
- global:
- defaultPodDisruptionBudget:
- enabled: false
- logging:
- level: all:warn
- proxy:
- resources:
- requests:
- cpu: 10m
- memory: 32Mi
- limits:
- cpu: 250m
- memory: 254Mi
- proxy_init:
- resources:
- limits:
- cpu: 100m
- memory: 50Mi
- requests:
- cpu: 10m
- memory: 10Mi
- pilot:
- autoscaleEnabled: false
- gateways:
- istio-ingressgateway:
- autoscaleEnabled: false
-
-components:
- cni:
- enabled: true
- config:
- hpaSpec:
- maxReplicas: 1
- minReplicas: 1
- resources:
- limits:
- cpu: 250m
- memory: 384Mi
- requests:
- cpu: 10m
- memory: 128Mi
-
- ingressGateways:
- enabled: true
- config:
- resources:
- limits:
- cpu: 1000m
- memory: 1024Mi
- requests:
- cpu: 10m
- memory: 32Mi
-
- pilot:
- enabled: true
- config:
- hpaSpec:
- maxReplicas: 1
- minReplicas: 1
- resources:
- limits:
- cpu: 1000m
- memory: 1024Mi
- requests:
- cpu: 50m
- memory: 128Mi
-
-monitoring:
- enabled: false
- dashboards:
- enabled: false
diff --git a/resources/istio/profile-production.yaml b/resources/istio/profile-production.yaml
deleted file mode 100644
index 6b44ead85434..000000000000
--- a/resources/istio/profile-production.yaml
+++ /dev/null
@@ -1,101 +0,0 @@
----
-
-helmValues:
- global:
- logging:
- level: all:warn
- proxy:
- resources:
- requests:
- cpu: 10m
- memory: 192Mi
- limits:
- cpu: 1000m
- memory: 1024Mi
-
-components:
- cni:
- enabled: true
- config:
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 100
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - istio-cni-node
- topologyKey: "kubernetes.io/hostname"
-
- ingressGateways:
- enabled: true
- config:
- hpaSpec:
- maxReplicas: 10
- minReplicas: 3
- metrics:
- - resource:
- name: cpu
- target:
- type: Utilization
- averageUtilization: 80
- type: Resource
- - resource:
- name: memory
- target:
- type: Utilization
- averageUtilization: 80
- type: Resource
- resources:
- limits:
- cpu: 2000m
- memory: 1024Mi
- requests:
- cpu: 100m
- memory: 128Mi
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 100
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - istio-ingressgateway
- topologyKey: "kubernetes.io/hostname"
-
- pilot:
- enabled: true
- k8s:
- strategy:
- rollingUpdate:
- maxSurge: 50%
- maxUnavailable: "0"
- config:
- hpaSpec:
- maxReplicas: 5
- minReplicas: 2
- resources:
- limits:
- cpu: 4000m
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 512Mi
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 100
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - istiod
- topologyKey: "kubernetes.io/hostname"
diff --git a/resources/istio/templates/istio-manager-config.yaml b/resources/istio/templates/istio-manager-config.yaml
index 4105d83e3930..ce578d432ab5 100644
--- a/resources/istio/templates/istio-manager-config.yaml
+++ b/resources/istio/templates/istio-manager-config.yaml
@@ -1,2 +1,2 @@
 kind: IstioOperatorConfiguration
-tag: "1.0.0"
+tag: "1.1.0"
diff --git a/resources/istio/templates/istio-operator.yaml b/resources/istio/templates/istio-operator.yaml
deleted file mode 100644
index 62999b1ebcda..000000000000
--- a/resources/istio/templates/istio-operator.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ ---- -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -metadata: - namespace: {{ .Release.Namespace }} - name: default-operator -spec: - hub: {{ .Values.global.containerRegistry.path }}/{{ .Values.global.images.istio_pilot.directory}} - tag: {{ .Values.global.images.istio_pilot.version }} - profile: default - components: - cni: - namespace: {{ .Release.Namespace }} - enabled: {{ .Values.components.cni.enabled }} - k8s: -{{- toYaml .Values.components.cni.config | nindent 8}} - egressGateways: - - enabled: {{ .Values.components.egressGateways.enabled }} - k8s: -{{- toYaml .Values.components.egressGateways.config | nindent 8}} - name: istio-egressgateway - ingressGateways: - - enabled: {{ .Values.components.ingressGateways.enabled }} - k8s: -{{- toYaml .Values.components.ingressGateways.config | nindent 8}} - name: istio-ingressgateway - pilot: - enabled: {{ .Values.components.pilot.enabled }} - k8s: - podAnnotations: - reconciler.kyma-project.io/managed-by-reconciler-disclaimer: | - DO NOT EDIT - This resource is managed by Kyma. - Any modifications are discarded and the resource is reverted to the original state. - serviceAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "15014" - reconciler.kyma-project.io/managed-by-reconciler-disclaimer: | - DO NOT EDIT - This resource is managed by Kyma. - Any modifications are discarded and the resource is reverted to the original state. -{{- toYaml .Values.components.pilot.config | nindent 8}} - meshConfig: -{{- tpl (toYaml .Values.meshConfig | nindent 4) . 
| replace "'true'" "true" | replace "'false'" "false" }} - - values: - global: -{{- toYaml .Values.helmValues.global | nindent 8 }} - cni: -{{- toYaml .Values.helmValues.cni | nindent 8 }} - pilot: -{{- toYaml .Values.helmValues.pilot | nindent 8 }} - sidecarInjectorWebhook: -{{- toYaml .Values.helmValues.sidecarInjectorWebhook | nindent 8 }} - gateways: - istio-ingressgateway: - name: istio-ingressgateway - autoscaleEnabled: {{ index .Values "helmValues" "gateways" "istio-ingressgateway" "autoscaleEnabled" }} - podAnnotations: - reconciler.kyma-project.io/managed-by-reconciler-disclaimer: | - DO NOT EDIT - This resource is managed by Kyma. - Any modifications are discarded and the resource is reverted to the original state. - serviceAnnotations: - dns.gardener.cloud/class: garden - dns.gardener.cloud/dnsnames: "*.{{ .Values.global.domainName }}" - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "4000" - reconciler.kyma-project.io/managed-by-reconciler-disclaimer: | - DO NOT EDIT - This resource is managed by Kyma. - Any modifications are discarded and the resource is reverted to the original state. diff --git a/resources/istio/values.yaml b/resources/istio/values.yaml index c6504d15d247..854dc746c526 100644 --- a/resources/istio/values.yaml +++ b/resources/istio/values.yaml 
@@ -1,177 +1,3 @@ ---- -helmValues: - global: - priorityClassName: "kyma-system-priority" - imagePullPolicy: IfNotPresent - proxy: - tracer: none - readinessFailureThreshold: 40 - readinessInitialDelaySeconds: 5 - readinessPeriodSeconds: 5 - resources: - requests: - cpu: 10m - memory: 64Mi - limits: - cpu: 250m - memory: 256Mi - - proxy_init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - cni: - cniConfDir: /etc/cni/net.d - cniBinDir: /opt/cni/bin - gateways: - istio-ingressgateway: - autoscaleEnabled: true - - sidecarInjectorWebhook: - enableNamespacesByDefault: false - objectSelector: - autoInject: true - enabled: false - rewriteAppHTTPProbe: true - -meshConfig: - trustDomain: cluster.local - defaultProviders: - tracing: [] - defaultConfig: - holdApplicationUntilProxyStarts: true - proxyMetadata: - BOOTSTRAP_XDS_AGENT: "true" - enablePrometheusMerge: false - enableTracing: false - extensionProviders: - - name: kyma-traces - opencensus: - service: "telemetry-trace-collector-internal.kyma-system.svc.cluster.local" - port: 55678 - context: - - W3C_TRACE_CONTEXT - - name: envoy - envoyFileAccessLog: - path: "/dev/stdout" - logFormat: - labels: {} - - name: stdout-json - envoyFileAccessLog: - path: "/dev/stdout" - logFormat: - labels: - start_time: "%START_TIME%" - method: "%REQ(:METHOD)%" - path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%" - protocol: "%PROTOCOL%" - response_code: "%RESPONSE_CODE%" - response_flags: "%RESPONSE_FLAGS%" - response_code_details: "%RESPONSE_CODE_DETAILS%" - connection_termination_details: "%CONNECTION_TERMINATION_DETAILS%" - upstream_transport_failure_reason: "%CONNECTION_TERMINATION_DETAILS%" - bytes_received: "%BYTES_RECEIVED%" - bytes_sent: "%BYTES_SENT%" - duration: "%DURATION%" - upstream_service_time: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%" - x_forwarded_for: "%REQ(X-FORWARDED-FOR)%" - user_agent: "%REQ(USER-AGENT)%" - request_id: "%REQ(X-REQUEST-ID)%" - authority: "%REQ(:AUTHORITY)%" - 
upstream_host: "%UPSTREAM_HOST%" - upstream_cluster: "%UPSTREAM_CLUSTER%" - upstream_local_address: "%UPSTREAM_LOCAL_ADDRESS%" - downstream_local_address: "%DOWNSTREAM_LOCAL_ADDRESS%" - downstream_remote_address: "%DOWNSTREAM_REMOTE_ADDRESS%" - requested_server_name: "%REQUESTED_SERVER_NAME%" - route_name: "%ROUTE_NAME%" - traceparent: "%REQ(TRACEPARENT)%" - tracestate: "%REQ(TRACESTATE)%" - -components: - cni: - enabled: true - config: - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 100m - memory: 512Mi - - egressGateways: - enabled: false - config: - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 10m - memory: 120Mi - - ingressGateways: - enabled: true - config: - hpaSpec: - maxReplicas: 5 - minReplicas: 1 - metrics: - - resource: - name: cpu - target: - type: Utilization - averageUtilization: 80 - type: Resource - - resource: - name: memory - target: - type: Utilization - averageUtilization: 80 - type: Resource - securityContext: - seccompProfile: - type: RuntimeDefault - runAsUser: 65534 - runAsNonRoot: true - runAsGroup: 65534 - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 100m - memory: 128Mi - strategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 0 - - pilot: - enabled: true - config: - env: - - name: PILOT_HTTP10 - value: "1" - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 100m - memory: 512Mi - securityContext: - seccompProfile: - type: RuntimeDefault - runAsUser: 65534 - runAsNonRoot: true - runAsGroup: 65534 - global: containerRegistry: path: europe-docker.pkg.dev/kyma-project 
@@ -179,20 +5,17 @@ global:
 # these definitions aren't used by the chart, but they are required by external tool for list generation
 istio_proxyv2:
 name: "proxyv2"
- version: "1.18.2-distroless"
+ version: "1.19.0-distroless"
 directory: "prod/external/istio"
 istio_pilot:
 name: "pilot"
- version: "1.18.2-distroless"
+ version: "1.19.0-distroless"
 directory: "prod/external/istio"
 istio_install-cni:
 name: "install-cni"
- version: "1.18.2-distroless"
+ version: "1.19.0-distroless"
 directory: "prod/external/istio"
 istio_operator_image:
 name: "istio-manager"
- version: "1.0.0"
+ version: "1.1.0"
 directory: "prod"
-
- # This configuration is only temporary and will be removed in kyma version 2.7.x.
- sidecarMigration: false