From 92d6209c9ec8c502376bb561b7fe6a9565a2d93b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Luk=C5=A1a?= Date: Wed, 18 Dec 2024 12:50:38 +0100 Subject: [PATCH] Ensure profile files are included in the revisiontags chart MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Lukša --- hack/download-charts.sh | 3 + .../revisiontags/files/profile-ambient.yaml | 17 ++++ .../profile-compatibility-version-1.22.yaml | 26 +++++ .../profile-compatibility-version-1.23.yaml | 19 ++++ .../profile-compatibility-version-1.24.yaml | 8 ++ .../revisiontags/files/profile-demo.yaml | 94 +++++++++++++++++++ .../files/profile-platform-gke.yaml | 6 ++ .../files/profile-platform-k3d.yaml | 7 ++ .../files/profile-platform-k3s.yaml | 7 ++ .../files/profile-platform-microk8s.yaml | 7 ++ .../files/profile-platform-minikube.yaml | 6 ++ .../files/profile-platform-openshift.yaml | 19 ++++ .../revisiontags/files/profile-preview.yaml | 13 +++ .../revisiontags/files/profile-remote.yaml | 13 +++ .../revisiontags/files/profile-stable.yaml | 8 ++ .../revisiontags/files/profile-ambient.yaml | 25 +++++ .../profile-compatibility-version-1.20.yaml | 6 ++ .../revisiontags/files/profile-demo.yaml | 69 ++++++++++++++ .../revisiontags/files/profile-openshift.yaml | 19 ++++ .../revisiontags/files/profile-preview.yaml | 9 ++ .../revisiontags/files/profile-ambient.yaml | 21 +++++ .../profile-compatibility-version-1.20.yaml | 24 +++++ .../profile-compatibility-version-1.21.yaml | 17 ++++ .../revisiontags/files/profile-demo.yaml | 73 ++++++++++++++ .../files/profile-openshift-ambient.yaml | 34 +++++++ .../revisiontags/files/profile-openshift.yaml | 20 ++++ .../revisiontags/files/profile-preview.yaml | 13 +++ .../revisiontags/files/profile-stable.yaml | 8 ++ .../revisiontags/files/profile-ambient.yaml | 21 +++++ .../profile-compatibility-version-1.20.yaml | 24 +++++ .../profile-compatibility-version-1.21.yaml | 17 ++++ .../revisiontags/files/profile-demo.yaml | 73 ++++++++++++++ .../files/profile-openshift-ambient.yaml | 34 +++++++ .../revisiontags/files/profile-openshift.yaml | 20 ++++ .../revisiontags/files/profile-preview.yaml | 13 +++ .../revisiontags/files/profile-stable.yaml | 8 ++ .../revisiontags/files/profile-ambient.yaml | 20 ++++ .../profile-compatibility-version-1.20.yaml | 26 +++++ .../profile-compatibility-version-1.21.yaml | 23 +++++ .../profile-compatibility-version-1.22.yaml | 16 ++++ .../revisiontags/files/profile-demo.yaml | 73 ++++++++++++++ .../files/profile-openshift-ambient.yaml | 33 +++++++ .../revisiontags/files/profile-openshift.yaml | 20 ++++ .../revisiontags/files/profile-preview.yaml | 13 +++ .../revisiontags/files/profile-stable.yaml | 8 ++ .../revisiontags/files/profile-ambient.yaml | 20 ++++ .../profile-compatibility-version-1.20.yaml | 26 +++++ .../profile-compatibility-version-1.21.yaml | 23 +++++ .../profile-compatibility-version-1.22.yaml | 16 ++++ .../revisiontags/files/profile-demo.yaml | 73 ++++++++++++++ .../files/profile-openshift-ambient.yaml | 33 +++++++ .../revisiontags/files/profile-openshift.yaml | 20 ++++ .../revisiontags/files/profile-preview.yaml | 13 +++ .../revisiontags/files/profile-stable.yaml | 8 ++ .../revisiontags/files/profile-ambient.yaml | 17 ++++ .../profile-compatibility-version-1.21.yaml | 33 +++++++ .../profile-compatibility-version-1.22.yaml | 26 +++++ .../profile-compatibility-version-1.23.yaml | 19 ++++ .../revisiontags/files/profile-demo.yaml | 90 ++++++++++++++++++ .../files/profile-platform-k3d.yaml | 7 ++ .../files/profile-platform-k3s.yaml | 7 ++ .../files/profile-platform-microk8s.yaml | 7 ++ .../files/profile-platform-minikube.yaml | 6 ++ .../files/profile-platform-openshift.yaml | 19 ++++ .../revisiontags/files/profile-preview.yaml | 13 +++ .../revisiontags/files/profile-remote.yaml | 13 +++ .../revisiontags/files/profile-stable.yaml | 8 ++ .../revisiontags/files/profile-ambient.yaml | 17 ++++ .../profile-compatibility-version-1.21.yaml | 33 +++++++ .../profile-compatibility-version-1.22.yaml | 26 +++++ .../profile-compatibility-version-1.23.yaml | 19 ++++ .../revisiontags/files/profile-demo.yaml | 90 ++++++++++++++++++ .../files/profile-platform-k3d.yaml | 7 ++ .../files/profile-platform-k3s.yaml | 7 ++ .../files/profile-platform-microk8s.yaml | 7 ++ .../files/profile-platform-minikube.yaml | 6 ++ .../files/profile-platform-openshift.yaml | 19 ++++ .../revisiontags/files/profile-preview.yaml | 13 +++ .../revisiontags/files/profile-remote.yaml | 13 +++ .../revisiontags/files/profile-stable.yaml | 8 ++ 80 files changed, 1795 insertions(+) create mode 100644 resources/latest/charts/revisiontags/files/profile-ambient.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-compatibility-version-1.22.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-compatibility-version-1.23.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-demo.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-platform-gke.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-platform-k3d.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-platform-k3s.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-platform-microk8s.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-platform-minikube.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-platform-openshift.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-preview.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-remote.yaml create mode 100644 resources/latest/charts/revisiontags/files/profile-stable.yaml create mode 100644 resources/v1.21.6/charts/revisiontags/files/profile-ambient.yaml create mode 100644 resources/v1.21.6/charts/revisiontags/files/profile-compatibility-version-1.20.yaml create mode 100644 resources/v1.21.6/charts/revisiontags/files/profile-demo.yaml create mode 100644 resources/v1.21.6/charts/revisiontags/files/profile-openshift.yaml create mode 100644 resources/v1.21.6/charts/revisiontags/files/profile-preview.yaml create mode 100644 resources/v1.22.5/charts/revisiontags/files/profile-ambient.yaml create mode 100644 resources/v1.22.5/charts/revisiontags/files/profile-compatibility-version-1.20.yaml create mode 100644 resources/v1.22.5/charts/revisiontags/files/profile-compatibility-version-1.21.yaml create mode 100644 resources/v1.22.5/charts/revisiontags/files/profile-demo.yaml create mode 100644 resources/v1.22.5/charts/revisiontags/files/profile-openshift-ambient.yaml create mode 100644 resources/v1.22.5/charts/revisiontags/files/profile-openshift.yaml create mode 100644 resources/v1.22.5/charts/revisiontags/files/profile-preview.yaml create mode 100644 resources/v1.22.5/charts/revisiontags/files/profile-stable.yaml create mode 100644 resources/v1.22.6/charts/revisiontags/files/profile-ambient.yaml create mode 100644 resources/v1.22.6/charts/revisiontags/files/profile-compatibility-version-1.20.yaml create mode 100644 resources/v1.22.6/charts/revisiontags/files/profile-compatibility-version-1.21.yaml create mode 100644 resources/v1.22.6/charts/revisiontags/files/profile-demo.yaml create mode 100644 resources/v1.22.6/charts/revisiontags/files/profile-openshift-ambient.yaml create mode 100644 resources/v1.22.6/charts/revisiontags/files/profile-openshift.yaml create mode 100644 resources/v1.22.6/charts/revisiontags/files/profile-preview.yaml create mode 100644 resources/v1.22.6/charts/revisiontags/files/profile-stable.yaml create mode 100644 resources/v1.23.2/charts/revisiontags/files/profile-ambient.yaml create mode 100644 resources/v1.23.2/charts/revisiontags/files/profile-compatibility-version-1.20.yaml create mode 100644 resources/v1.23.2/charts/revisiontags/files/profile-compatibility-version-1.21.yaml create mode 100644 resources/v1.23.2/charts/revisiontags/files/profile-compatibility-version-1.22.yaml create mode 100644 resources/v1.23.2/charts/revisiontags/files/profile-demo.yaml create mode 100644 resources/v1.23.2/charts/revisiontags/files/profile-openshift-ambient.yaml create mode 100644 resources/v1.23.2/charts/revisiontags/files/profile-openshift.yaml create mode 100644 resources/v1.23.2/charts/revisiontags/files/profile-preview.yaml create mode 100644 resources/v1.23.2/charts/revisiontags/files/profile-stable.yaml create mode 100644 resources/v1.23.3/charts/revisiontags/files/profile-ambient.yaml create mode 100644 resources/v1.23.3/charts/revisiontags/files/profile-compatibility-version-1.20.yaml create mode 100644 resources/v1.23.3/charts/revisiontags/files/profile-compatibility-version-1.21.yaml create mode 100644 resources/v1.23.3/charts/revisiontags/files/profile-compatibility-version-1.22.yaml create mode 100644 resources/v1.23.3/charts/revisiontags/files/profile-demo.yaml create mode 100644 resources/v1.23.3/charts/revisiontags/files/profile-openshift-ambient.yaml create mode 100644 resources/v1.23.3/charts/revisiontags/files/profile-openshift.yaml create mode 100644 resources/v1.23.3/charts/revisiontags/files/profile-preview.yaml create mode 100644 resources/v1.23.3/charts/revisiontags/files/profile-stable.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-ambient.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-compatibility-version-1.21.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-compatibility-version-1.22.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-compatibility-version-1.23.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-demo.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-platform-k3d.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-platform-k3s.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-platform-minikube.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-platform-openshift.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-preview.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-remote.yaml create mode 100644 resources/v1.24.0/charts/revisiontags/files/profile-stable.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-ambient.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-compatibility-version-1.21.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-compatibility-version-1.22.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-compatibility-version-1.23.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-demo.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-platform-k3d.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-platform-k3s.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-platform-minikube.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-platform-openshift.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-preview.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-remote.yaml create mode 100644 resources/v1.24.1/charts/revisiontags/files/profile-stable.yaml diff --git a/hack/download-charts.sh b/hack/download-charts.sh index c674cd93e..b37bae34a 100755 --- a/hack/download-charts.sh +++ b/hack/download-charts.sh @@ -131,6 +131,9 @@ version: 0.1.0 cp "${CHARTS_DIR}/istiod/values.yaml" "${CHARTS_DIR}/revisiontags/values.yaml" cp "${CHARTS_DIR}/istiod/templates/revision-tags.yaml" "${CHARTS_DIR}/revisiontags/templates/revision-tags.yaml" cp "${CHARTS_DIR}/istiod/templates/zzz_profile.yaml" "${CHARTS_DIR}/revisiontags/templates/zzz_profile.yaml" + + mkdir -p "${CHARTS_DIR}/revisiontags/files" + cp "${CHARTS_DIR}"/istiod/files/profile-*.yaml "${CHARTS_DIR}/revisiontags/files" } downloadIstioManifests diff --git a/resources/latest/charts/revisiontags/files/profile-ambient.yaml b/resources/latest/charts/revisiontags/files/profile-ambient.yaml new file mode 100644 index 000000000..2805fe46b --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-ambient.yaml @@ -0,0 +1,17 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.22.yaml b/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.22.yaml new file mode 100644 index 000000000..70d8eb40c --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.22.yaml @@ -0,0 +1,26 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + + # 1.24 behavioral changes + ENABLE_INBOUND_RETRY_POLICY: "false" + EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" + PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" + ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" + PILOT_UNIFIED_SIDECAR_SCOPE: "false" + +meshConfig: + defaultConfig: + proxyMetadata: + # 1.22 behavioral changes + ENABLE_DEFERRED_CLUSTER_CREATION: "false" + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + # 1.24 behaviour changes + ENABLE_DEFERRED_STATS_CREATION: "false" + BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" diff --git a/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.23.yaml b/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.23.yaml new file mode 100644 index 000000000..636bb6f15 --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.23.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + ENABLE_INBOUND_RETRY_POLICY: "false" + EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" + PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" + ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" + PILOT_UNIFIED_SIDECAR_SCOPE: "false" + +meshConfig: + defaultConfig: + proxyMetadata: + # 1.24 behaviour changes + ENABLE_DEFERRED_STATS_CREATION: "false" + BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" diff --git a/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 000000000..2704a7d95 --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" diff --git a/resources/latest/charts/revisiontags/files/profile-demo.yaml b/resources/latest/charts/revisiontags/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/latest/charts/revisiontags/files/profile-platform-gke.yaml b/resources/latest/charts/revisiontags/files/profile-platform-gke.yaml new file mode 100644 index 000000000..1e4cfc15e --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-platform-gke.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: /home/kubernetes/bin diff --git a/resources/latest/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/latest/charts/revisiontags/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/latest/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/latest/charts/revisiontags/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/latest/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/latest/charts/revisiontags/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/latest/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/latest/charts/revisiontags/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/latest/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/latest/charts/revisiontags/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/latest/charts/revisiontags/files/profile-preview.yaml b/resources/latest/charts/revisiontags/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/latest/charts/revisiontags/files/profile-remote.yaml b/resources/latest/charts/revisiontags/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/latest/charts/revisiontags/files/profile-stable.yaml b/resources/latest/charts/revisiontags/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/latest/charts/revisiontags/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.21.6/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.21.6/charts/revisiontags/files/profile-ambient.yaml new file mode 100644 index 000000000..59dd9114e --- /dev/null +++ b/resources/v1.21.6/charts/revisiontags/files/profile-ambient.yaml @@ -0,0 +1,25 @@ +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" +variant: distroless +pilot: + variant: distroless + env: + # Setup more secure default that is off in 'default' only for backwards compatibility + VERIFY_CERTIFICATE_AT_CLIENT: "true" + ENABLE_AUTO_SNI: "true" + + PILOT_ENABLE_HBONE: "true" + CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" + PILOT_ENABLE_AMBIENT_CONTROLLERS: "true" +cni: + logLevel: info + privileged: true + ambient: + enabled: true + + # Default excludes istio-system; its actually fine to redirect there since we opt-out istiod, ztunnel, and istio-cni + excludeNamespaces: + - kube-system diff --git a/resources/v1.21.6/charts/revisiontags/files/profile-compatibility-version-1.20.yaml b/resources/v1.21.6/charts/revisiontags/files/profile-compatibility-version-1.20.yaml new file mode 100644 index 000000000..9f0fd563b --- /dev/null +++ b/resources/v1.21.6/charts/revisiontags/files/profile-compatibility-version-1.20.yaml @@ -0,0 +1,6 @@ +pilot: + env: + ENABLE_EXTERNAL_NAME_ALIAS: "false" + PERSIST_OLDEST_FIRST_HEURISTIC_FOR_VIRTUAL_SERVICE_HOST_MATCHING: "true" + VERIFY_CERTIFICATE_AT_CLIENT: "false" + ENABLE_AUTO_SNI: "false" diff --git a/resources/v1.21.6/charts/revisiontags/files/profile-demo.yaml b/resources/v1.21.6/charts/revisiontags/files/profile-demo.yaml new file mode 100644 index 000000000..4ed37fed3 --- /dev/null +++ b/resources/v1.21.6/charts/revisiontags/files/profile-demo.yaml @@ -0,0 +1,69 @@ +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.istio-system.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.otel-collector.svc.cluster.local + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.21.6/charts/revisiontags/files/profile-openshift.yaml b/resources/v1.21.6/charts/revisiontags/files/profile-openshift.yaml new file mode 100644 index 000000000..100ca578c --- /dev/null +++ b/resources/v1.21.6/charts/revisiontags/files/profile-openshift.yaml @@ -0,0 +1,19 @@ +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +# CNI must be installed. +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + excludeNamespaces: + - istio-system + - kube-system + logLevel: info + privileged: true + provider: "multus" +global: + platform: openshift +istio_cni: + enabled: true + chained: false +platform: openshift \ No newline at end of file diff --git a/resources/v1.21.6/charts/revisiontags/files/profile-preview.yaml b/resources/v1.21.6/charts/revisiontags/files/profile-preview.yaml new file mode 100644 index 000000000..390ed749f --- /dev/null +++ b/resources/v1.21.6/charts/revisiontags/files/profile-preview.yaml @@ -0,0 +1,9 @@ +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.22.5/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.22.5/charts/revisiontags/files/profile-ambient.yaml new file mode 100644 index 000000000..7b2c18c17 --- /dev/null +++ b/resources/v1.22.5/charts/revisiontags/files/profile-ambient.yaml @@ -0,0 +1,21 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" + CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" +cni: + ambient: + enabled: true + +# Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel +variant: distroless diff --git a/resources/v1.22.5/charts/revisiontags/files/profile-compatibility-version-1.20.yaml b/resources/v1.22.5/charts/revisiontags/files/profile-compatibility-version-1.20.yaml new file mode 100644 index 000000000..480718f1c --- /dev/null +++ b/resources/v1.22.5/charts/revisiontags/files/profile-compatibility-version-1.20.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.21 behavioral changes + ENABLE_EXTERNAL_NAME_ALIAS: "false" + PERSIST_OLDEST_FIRST_HEURISTIC_FOR_VIRTUAL_SERVICE_HOST_MATCHING: "true" + VERIFY_CERTIFICATE_AT_CLIENT: "false" + ENABLE_AUTO_SNI: "false" + + # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" + ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" + +meshConfig: + # 1.22 behavioral changes + defaultConfig: + proxyMetadata: + ISTIO_DELTA_XDS: "false" + tracing: + zipkin: + address: zipkin.istio-system:9411 diff --git a/resources/v1.22.5/charts/revisiontags/files/profile-compatibility-version-1.21.yaml b/resources/v1.22.5/charts/revisiontags/files/profile-compatibility-version-1.21.yaml new file mode 100644 index 000000000..a204a7ad4 --- /dev/null +++ b/resources/v1.22.5/charts/revisiontags/files/profile-compatibility-version-1.21.yaml @@ -0,0 +1,17 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" + ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" +meshConfig: + # 1.22 behavioral changes + defaultConfig: + proxyMetadata: + ISTIO_DELTA_XDS: "false" + tracing: + zipkin: + address: zipkin.istio-system:9411 diff --git a/resources/v1.22.5/charts/revisiontags/files/profile-demo.yaml b/resources/v1.22.5/charts/revisiontags/files/profile-demo.yaml new file mode 100644 index 000000000..83b9d6b66 --- /dev/null +++ b/resources/v1.22.5/charts/revisiontags/files/profile-demo.yaml @@ -0,0 +1,73 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.22.5/charts/revisiontags/files/profile-openshift-ambient.yaml b/resources/v1.22.5/charts/revisiontags/files/profile-openshift-ambient.yaml new file mode 100644 index 000000000..0908fd145 --- /dev/null +++ b/resources/v1.22.5/charts/revisiontags/files/profile-openshift-ambient.yaml @@ -0,0 +1,34 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" +global: + platform: openshift +cni: + ambient: + enabled: true + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + logLevel: info + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" + variant: distroless + env: + PILOT_ENABLE_AMBIENT: "true" + # Allow sidecars/ingress to send/receive HBONE. This is required for interop. + PILOT_ENABLE_SENDING_HBONE: "true" + PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true" + CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" +platform: openshift +variant: distroless +seLinuxOptions: + type: spc_t \ No newline at end of file diff --git a/resources/v1.22.5/charts/revisiontags/files/profile-openshift.yaml b/resources/v1.22.5/charts/revisiontags/files/profile-openshift.yaml new file mode 100644 index 000000000..18f61b88f --- /dev/null +++ b/resources/v1.22.5/charts/revisiontags/files/profile-openshift.yaml @@ -0,0 +1,20 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +# CNI must be installed. +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + logLevel: info + provider: "multus" +global: + platform: openshift +pilot: + cni: + enabled: true + provider: "multus" +platform: openshift diff --git a/resources/v1.22.5/charts/revisiontags/files/profile-preview.yaml b/resources/v1.22.5/charts/revisiontags/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.22.5/charts/revisiontags/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.22.5/charts/revisiontags/files/profile-stable.yaml b/resources/v1.22.5/charts/revisiontags/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.22.5/charts/revisiontags/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.22.6/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.22.6/charts/revisiontags/files/profile-ambient.yaml new file mode 100644 index 000000000..7b2c18c17 --- /dev/null +++ b/resources/v1.22.6/charts/revisiontags/files/profile-ambient.yaml @@ -0,0 +1,21 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" + CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" +cni: + ambient: + enabled: true + +# Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel +variant: distroless diff --git a/resources/v1.22.6/charts/revisiontags/files/profile-compatibility-version-1.20.yaml b/resources/v1.22.6/charts/revisiontags/files/profile-compatibility-version-1.20.yaml new file mode 100644 index 000000000..480718f1c --- /dev/null +++ b/resources/v1.22.6/charts/revisiontags/files/profile-compatibility-version-1.20.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.21 behavioral changes + ENABLE_EXTERNAL_NAME_ALIAS: "false" + PERSIST_OLDEST_FIRST_HEURISTIC_FOR_VIRTUAL_SERVICE_HOST_MATCHING: "true" + VERIFY_CERTIFICATE_AT_CLIENT: "false" + ENABLE_AUTO_SNI: "false" + + # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" + ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" + +meshConfig: + # 1.22 behavioral changes + defaultConfig: + proxyMetadata: + ISTIO_DELTA_XDS: "false" + tracing: + zipkin: + address: zipkin.istio-system:9411 diff --git a/resources/v1.22.6/charts/revisiontags/files/profile-compatibility-version-1.21.yaml b/resources/v1.22.6/charts/revisiontags/files/profile-compatibility-version-1.21.yaml new file mode 100644 index 000000000..a204a7ad4 --- /dev/null +++ b/resources/v1.22.6/charts/revisiontags/files/profile-compatibility-version-1.21.yaml @@ -0,0 +1,17 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" + ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" +meshConfig: + # 1.22 behavioral changes + defaultConfig: + proxyMetadata: + ISTIO_DELTA_XDS: "false" + tracing: + zipkin: + address: zipkin.istio-system:9411 diff --git a/resources/v1.22.6/charts/revisiontags/files/profile-demo.yaml b/resources/v1.22.6/charts/revisiontags/files/profile-demo.yaml new file mode 100644 index 000000000..83b9d6b66 --- /dev/null +++ b/resources/v1.22.6/charts/revisiontags/files/profile-demo.yaml @@ -0,0 +1,73 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.22.6/charts/revisiontags/files/profile-openshift-ambient.yaml b/resources/v1.22.6/charts/revisiontags/files/profile-openshift-ambient.yaml new file mode 100644 index 000000000..0908fd145 --- /dev/null +++ b/resources/v1.22.6/charts/revisiontags/files/profile-openshift-ambient.yaml @@ -0,0 +1,34 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" +global: + platform: openshift +cni: + ambient: + enabled: true + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + logLevel: info + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" + variant: distroless + env: + PILOT_ENABLE_AMBIENT: "true" + # Allow sidecars/ingress to send/receive HBONE. This is required for interop. + PILOT_ENABLE_SENDING_HBONE: "true" + PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true" + CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" +platform: openshift +variant: distroless +seLinuxOptions: + type: spc_t \ No newline at end of file diff --git a/resources/v1.22.6/charts/revisiontags/files/profile-openshift.yaml b/resources/v1.22.6/charts/revisiontags/files/profile-openshift.yaml new file mode 100644 index 000000000..18f61b88f --- /dev/null +++ b/resources/v1.22.6/charts/revisiontags/files/profile-openshift.yaml @@ -0,0 +1,20 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +# CNI must be installed. +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + logLevel: info + provider: "multus" +global: + platform: openshift +pilot: + cni: + enabled: true + provider: "multus" +platform: openshift diff --git a/resources/v1.22.6/charts/revisiontags/files/profile-preview.yaml b/resources/v1.22.6/charts/revisiontags/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.22.6/charts/revisiontags/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.22.6/charts/revisiontags/files/profile-stable.yaml b/resources/v1.22.6/charts/revisiontags/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.22.6/charts/revisiontags/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.23.2/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.23.2/charts/revisiontags/files/profile-ambient.yaml new file mode 100644 index 000000000..22db03309 --- /dev/null +++ b/resources/v1.23.2/charts/revisiontags/files/profile-ambient.yaml @@ -0,0 +1,20 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true + +# Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel +variant: distroless diff --git a/resources/v1.23.2/charts/revisiontags/files/profile-compatibility-version-1.20.yaml b/resources/v1.23.2/charts/revisiontags/files/profile-compatibility-version-1.20.yaml new file mode 100644 index 000000000..72fdd5b3c --- /dev/null +++ b/resources/v1.23.2/charts/revisiontags/files/profile-compatibility-version-1.20.yaml @@ -0,0 +1,26 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.21 behavioral changes + ENABLE_EXTERNAL_NAME_ALIAS: "false" + PERSIST_OLDEST_FIRST_HEURISTIC_FOR_VIRTUAL_SERVICE_HOST_MATCHING: "true" + VERIFY_CERTIFICATE_AT_CLIENT: "false" + ENABLE_AUTO_SNI: "false" + + # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" + ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" + +meshConfig: + defaultConfig: + proxyMetadata: + # 1.22 behavioral changes + ISTIO_DELTA_XDS: "false" + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + tracing: + zipkin: + address: zipkin.istio-system:9411 diff --git a/resources/v1.23.2/charts/revisiontags/files/profile-compatibility-version-1.21.yaml b/resources/v1.23.2/charts/revisiontags/files/profile-compatibility-version-1.21.yaml new file mode 100644 index 000000000..d11c242b5 --- /dev/null +++ b/resources/v1.23.2/charts/revisiontags/files/profile-compatibility-version-1.21.yaml @@ -0,0 +1,23 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" + ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" + + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + +meshConfig: + # 1.22 behavioral changes + defaultConfig: + proxyMetadata: + ISTIO_DELTA_XDS: "false" + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + tracing: + zipkin: + address: zipkin.istio-system:9411 diff --git a/resources/v1.23.2/charts/revisiontags/files/profile-compatibility-version-1.22.yaml b/resources/v1.23.2/charts/revisiontags/files/profile-compatibility-version-1.22.yaml new file mode 100644 index 000000000..b091e2b94 --- /dev/null +++ b/resources/v1.23.2/charts/revisiontags/files/profile-compatibility-version-1.22.yaml @@ -0,0 +1,16 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + +meshConfig: + defaultConfig: + proxyMetadata: + # 1.22 behavioral changes + ENABLE_DEFERRED_CLUSTER_CREATION: "false" + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" diff --git a/resources/v1.23.2/charts/revisiontags/files/profile-demo.yaml b/resources/v1.23.2/charts/revisiontags/files/profile-demo.yaml new file mode 100644 index 000000000..83b9d6b66 --- /dev/null +++ b/resources/v1.23.2/charts/revisiontags/files/profile-demo.yaml @@ -0,0 +1,73 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.23.2/charts/revisiontags/files/profile-openshift-ambient.yaml b/resources/v1.23.2/charts/revisiontags/files/profile-openshift-ambient.yaml new file mode 100644 index 000000000..df4532d11 --- /dev/null +++ b/resources/v1.23.2/charts/revisiontags/files/profile-openshift-ambient.yaml @@ -0,0 +1,33 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" +global: + platform: openshift +cni: + ambient: + enabled: true + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + logLevel: info + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" + variant: distroless + env: + PILOT_ENABLE_AMBIENT: "true" + # Allow sidecars/ingress to send/receive HBONE. This is required for interop. + PILOT_ENABLE_SENDING_HBONE: "true" + PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true" +platform: openshift +variant: distroless +seLinuxOptions: + type: spc_t diff --git a/resources/v1.23.2/charts/revisiontags/files/profile-openshift.yaml b/resources/v1.23.2/charts/revisiontags/files/profile-openshift.yaml new file mode 100644 index 000000000..18f61b88f --- /dev/null +++ b/resources/v1.23.2/charts/revisiontags/files/profile-openshift.yaml @@ -0,0 +1,20 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +# CNI must be installed. +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + logLevel: info + provider: "multus" +global: + platform: openshift +pilot: + cni: + enabled: true + provider: "multus" +platform: openshift diff --git a/resources/v1.23.2/charts/revisiontags/files/profile-preview.yaml b/resources/v1.23.2/charts/revisiontags/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.23.2/charts/revisiontags/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.23.2/charts/revisiontags/files/profile-stable.yaml b/resources/v1.23.2/charts/revisiontags/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.23.2/charts/revisiontags/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.23.3/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.23.3/charts/revisiontags/files/profile-ambient.yaml new file mode 100644 index 000000000..22db03309 --- /dev/null +++ b/resources/v1.23.3/charts/revisiontags/files/profile-ambient.yaml @@ -0,0 +1,20 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true + +# Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel +variant: distroless diff --git a/resources/v1.23.3/charts/revisiontags/files/profile-compatibility-version-1.20.yaml b/resources/v1.23.3/charts/revisiontags/files/profile-compatibility-version-1.20.yaml new file mode 100644 index 000000000..72fdd5b3c --- /dev/null +++ b/resources/v1.23.3/charts/revisiontags/files/profile-compatibility-version-1.20.yaml @@ -0,0 +1,26 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.21 behavioral changes + ENABLE_EXTERNAL_NAME_ALIAS: "false" + PERSIST_OLDEST_FIRST_HEURISTIC_FOR_VIRTUAL_SERVICE_HOST_MATCHING: "true" + VERIFY_CERTIFICATE_AT_CLIENT: "false" + ENABLE_AUTO_SNI: "false" + + # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" + ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" + +meshConfig: + defaultConfig: + proxyMetadata: + # 1.22 behavioral changes + ISTIO_DELTA_XDS: "false" + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + tracing: + zipkin: + address: zipkin.istio-system:9411 diff --git a/resources/v1.23.3/charts/revisiontags/files/profile-compatibility-version-1.21.yaml b/resources/v1.23.3/charts/revisiontags/files/profile-compatibility-version-1.21.yaml new file mode 100644 index 000000000..d11c242b5 --- /dev/null +++ b/resources/v1.23.3/charts/revisiontags/files/profile-compatibility-version-1.21.yaml @@ -0,0 +1,23 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" + ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" + + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + +meshConfig: + # 1.22 behavioral changes + defaultConfig: + proxyMetadata: + ISTIO_DELTA_XDS: "false" + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + tracing: + zipkin: + address: zipkin.istio-system:9411 diff --git a/resources/v1.23.3/charts/revisiontags/files/profile-compatibility-version-1.22.yaml b/resources/v1.23.3/charts/revisiontags/files/profile-compatibility-version-1.22.yaml new file mode 100644 index 000000000..b091e2b94 --- /dev/null +++ b/resources/v1.23.3/charts/revisiontags/files/profile-compatibility-version-1.22.yaml @@ -0,0 +1,16 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + +meshConfig: + defaultConfig: + proxyMetadata: + # 1.22 behavioral changes + ENABLE_DEFERRED_CLUSTER_CREATION: "false" + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" diff --git a/resources/v1.23.3/charts/revisiontags/files/profile-demo.yaml b/resources/v1.23.3/charts/revisiontags/files/profile-demo.yaml new file mode 100644 index 000000000..83b9d6b66 --- /dev/null +++ b/resources/v1.23.3/charts/revisiontags/files/profile-demo.yaml @@ -0,0 +1,73 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.23.3/charts/revisiontags/files/profile-openshift-ambient.yaml b/resources/v1.23.3/charts/revisiontags/files/profile-openshift-ambient.yaml new file mode 100644 index 000000000..df4532d11 --- /dev/null +++ b/resources/v1.23.3/charts/revisiontags/files/profile-openshift-ambient.yaml @@ -0,0 +1,33 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" +global: + platform: openshift +cni: + ambient: + enabled: true + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + logLevel: info + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" + variant: distroless + env: + PILOT_ENABLE_AMBIENT: "true" + # Allow sidecars/ingress to send/receive HBONE. This is required for interop. + PILOT_ENABLE_SENDING_HBONE: "true" + PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true" +platform: openshift +variant: distroless +seLinuxOptions: + type: spc_t diff --git a/resources/v1.23.3/charts/revisiontags/files/profile-openshift.yaml b/resources/v1.23.3/charts/revisiontags/files/profile-openshift.yaml new file mode 100644 index 000000000..18f61b88f --- /dev/null +++ b/resources/v1.23.3/charts/revisiontags/files/profile-openshift.yaml @@ -0,0 +1,20 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +# CNI must be installed. +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + logLevel: info + provider: "multus" +global: + platform: openshift +pilot: + cni: + enabled: true + provider: "multus" +platform: openshift diff --git a/resources/v1.23.3/charts/revisiontags/files/profile-preview.yaml b/resources/v1.23.3/charts/revisiontags/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.23.3/charts/revisiontags/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.23.3/charts/revisiontags/files/profile-stable.yaml b/resources/v1.23.3/charts/revisiontags/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.23.3/charts/revisiontags/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-ambient.yaml new file mode 100644 index 000000000..2805fe46b --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-ambient.yaml @@ -0,0 +1,17 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-compatibility-version-1.21.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-compatibility-version-1.21.yaml new file mode 100644 index 000000000..c8da4d2e1 --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-compatibility-version-1.21.yaml @@ -0,0 +1,33 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" + ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" + + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + + # 1.24 behavioral changes + ENABLE_INBOUND_RETRY_POLICY: "false" + EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" + PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" + ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" + PILOT_UNIFIED_SIDECAR_SCOPE: "false" + +meshConfig: + # 1.22 behavioral changes + defaultConfig: + proxyMetadata: + ISTIO_DELTA_XDS: "false" + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + # 1.24 behaviour changes + ENABLE_DEFERRED_STATS_CREATION: "false" + BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" + tracing: + zipkin: + address: zipkin.istio-system:9411 diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-compatibility-version-1.22.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-compatibility-version-1.22.yaml new file mode 100644 index 000000000..70d8eb40c --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-compatibility-version-1.22.yaml @@ -0,0 +1,26 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + + # 1.24 behavioral changes + ENABLE_INBOUND_RETRY_POLICY: "false" + EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" + PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" + ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" + PILOT_UNIFIED_SIDECAR_SCOPE: "false" + +meshConfig: + defaultConfig: + proxyMetadata: + # 1.22 behavioral changes + ENABLE_DEFERRED_CLUSTER_CREATION: "false" + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + # 1.24 behaviour changes + ENABLE_DEFERRED_STATS_CREATION: "false" + BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-compatibility-version-1.23.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-compatibility-version-1.23.yaml new file mode 100644 index 000000000..636bb6f15 --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-compatibility-version-1.23.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + ENABLE_INBOUND_RETRY_POLICY: "false" + EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" + PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" + ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" + PILOT_UNIFIED_SIDECAR_SCOPE: "false" + +meshConfig: + defaultConfig: + proxyMetadata: + # 1.24 behaviour changes + ENABLE_DEFERRED_STATS_CREATION: "false" + BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-demo.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-demo.yaml new file mode 100644 index 000000000..eadbde17c --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-demo.yaml @@ -0,0 +1,90 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..f3f2884aa --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/current/bin/ diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-preview.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-remote.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.24.0/charts/revisiontags/files/profile-stable.yaml b/resources/v1.24.0/charts/revisiontags/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.24.0/charts/revisiontags/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-ambient.yaml new file mode 100644 index 000000000..2805fe46b --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-ambient.yaml @@ -0,0 +1,17 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-compatibility-version-1.21.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-compatibility-version-1.21.yaml new file mode 100644 index 000000000..c8da4d2e1 --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-compatibility-version-1.21.yaml @@ -0,0 +1,33 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" + ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" + + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + + # 1.24 behavioral changes + ENABLE_INBOUND_RETRY_POLICY: "false" + EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" + PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" + ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" + PILOT_UNIFIED_SIDECAR_SCOPE: "false" + +meshConfig: + # 1.22 behavioral changes + defaultConfig: + proxyMetadata: + ISTIO_DELTA_XDS: "false" + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + # 1.24 behaviour changes + ENABLE_DEFERRED_STATS_CREATION: "false" + BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" + tracing: + zipkin: + address: zipkin.istio-system:9411 diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-compatibility-version-1.22.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-compatibility-version-1.22.yaml new file mode 100644 index 000000000..70d8eb40c --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-compatibility-version-1.22.yaml @@ -0,0 +1,26 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + + # 1.24 behavioral changes + ENABLE_INBOUND_RETRY_POLICY: "false" + EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" + PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" + ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" + PILOT_UNIFIED_SIDECAR_SCOPE: "false" + +meshConfig: + defaultConfig: + proxyMetadata: + # 1.22 behavioral changes + ENABLE_DEFERRED_CLUSTER_CREATION: "false" + # 1.23 behavioral changes + ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + # 1.24 behaviour changes + ENABLE_DEFERRED_STATS_CREATION: "false" + BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-compatibility-version-1.23.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-compatibility-version-1.23.yaml new file mode 100644 index 000000000..636bb6f15 --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-compatibility-version-1.23.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + ENABLE_INBOUND_RETRY_POLICY: "false" + EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" + PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" + ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" + PILOT_UNIFIED_SIDECAR_SCOPE: "false" + +meshConfig: + defaultConfig: + proxyMetadata: + # 1.24 behaviour changes + ENABLE_DEFERRED_STATS_CREATION: "false" + BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-demo.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-demo.yaml new file mode 100644 index 000000000..eadbde17c --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-demo.yaml @@ -0,0 +1,90 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..f3f2884aa --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/current/bin/ diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-preview.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-remote.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.24.1/charts/revisiontags/files/profile-stable.yaml b/resources/v1.24.1/charts/revisiontags/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.24.1/charts/revisiontags/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true