Commit 49b82d89 authored by Greg M's avatar Greg M Committed by Michael Martin

Operatorless Istio with CORE packages only SKIP UPGRADE DEBUG

parent 3ef346fc
1 merge request!4906Operatorless Istio with CORE packages only SKIP UPGRADE DEBUG
Showing
with 85 additions and 35 deletions
......@@ -78,6 +78,10 @@ spec:
- name: istio
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.istioCore.enabled }}
- name: istio-core
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.kyvernoPolicies.enabled }}
- name: kyverno-policies
namespace: {{ .Release.Namespace }}
......
......@@ -7,5 +7,5 @@ metadata:
app.kubernetes.io/name: logging
app.kubernetes.io/component: "core"
{{- include "commonLabels" . | nindent 4}}
istio-injection: {{ ternary "enabled" "disabled" (and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.loki) "enabled")) }}
istio-injection: {{ ternary "enabled" "disabled" (and (include "istioEnabled" .) (eq (dig "istio" "injection" "enabled" .Values.loki) "enabled")) }}
{{- end }}
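Review bot: `include` always returns a string, so in the `istio-injection` label `and (include "istioEnabled" .) (eq …)` is true for any non-empty helper output, including the text `false`. The helper's definition is not on this page, but the same call is also rendered as a value (`enabled: {{ include "istioEnabled" . }}`) in the values templates, which suggests it prints a boolean word; if so, this namespace and the metrics-server, minio, monitoring, neuvector and promtail ones are labelled for sidecar injection, and the STRICT-mTLS `serviceMonitor` blocks are emitted, even when no mesh is deployed. Compare explicitly in every `if`/`and`/`or` that takes the helper, e.g. `(eq (include "istioEnabled" .) "true")`, or have the helper print nothing when disabled and render the value as `enabled: {{ eq (include "istioEnabled" .) "true" }}`. A render test with both `istio.enabled` and `istioCore.enabled` set to false would catch this.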
......@@ -13,8 +13,8 @@ clusterName: ""
openshift: {{ .Values.openshift }}
istio:
enabled: {{ .Values.istio.enabled }}
{{- if or
enabled: {{ include "istioEnabled" . }}
{{- if or
(dig "hardened" "enabled" false .Values.istio.values)
(dig "istio" "hardened" "enabled" false .Values.monitoring.values)
(dig "istio" "hardened" "enabled" false .Values.addons.authservice.values)
......@@ -34,6 +34,10 @@ istio:
minioOperator:
enabled: {{ .Values.addons.minioOperator.enabled }}
{{- end }}
loki:
enabled: true
gateways:
- {{ include "istioGatewayNamespace" . }}/{{ default (include "istioPublicGateway" . ) }}
imagePullSecrets:
- name: private-registry
......@@ -44,13 +48,15 @@ image:
networkPolicies:
enabled: {{ .Values.networkPolicies.enabled }}
controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
istioNamespaceSelector:
{{ include "istioNamespaceSelector" . | nindent 4 }}
monitoring:
enabled: {{ .Values.monitoring.enabled }}
serviceMonitor:
enabled: {{ .Values.monitoring.enabled }}
# conditional passes only for default istio: enabled, mTLS: SCRICT
{{- if and .Values.istio.enabled (eq (dig "istio" "mtls" "mode" "STRICT" .Values.loki.values) "STRICT") }}
{{- if and (include "istioEnabled" . ) (eq (dig "istio" "mtls" "mode" "STRICT" .Values.loki.values) "STRICT") }}
scheme: https
tlsConfig:
caFile: /etc/prom-certs/root-cert.pem
......@@ -102,7 +108,7 @@ loki:
filesystem:
directory: /var/loki/chunks
{{- end }}
{{- if .Values.istio.enabled }}
{{- if include "istioEnabled" . }}
podAnnotations:
{{ include "istioAnnotation" . }}
{{- end }}
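Review bot: The added `istio.loki` block hard-codes `enabled: true` and calls `default (include "istioPublicGateway" . )` with a single argument, so there is no value an operator can set to switch it off or to move it to another gateway. What the Loki chart does with `istio.loki.enabled` is not visible here, but by name it looks like it publishes a route for Loki on the public ingress gateway, which should be an explicit opt-in for a log store. Drive both from values, the way the minio and monitoring hunks pass `.Values.addons.minio.ingress.gateway` and `.Values.monitoring.ingress.gateway` as the second argument to `default`, and default the toggle to `false`.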
......
......@@ -9,6 +9,6 @@ metadata:
app.kubernetes.io/name: metrics-server
app.kubernetes.io/component: "cluster-utilities"
{{- include "commonLabels" . | nindent 4}}
istio-injection: {{ ternary "enabled" "disabled" (and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.addons.metricsServer) "enabled")) }}
istio-injection: {{ ternary "enabled" "disabled" (and (include "istioEnabled" .) (eq (dig "istio" "injection" "enabled" .Values.addons.metricsServer) "enabled")) }}
name: metrics-server
{{- end }}
......@@ -69,6 +69,10 @@ spec:
- name: istio
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.istioCore.enabled }}
- name: istio-core
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.kyvernoPolicies.enabled }}
- name: kyverno-policies
namespace: {{ .Release.Namespace }}
......
......@@ -4,7 +4,7 @@ kind: Namespace
metadata:
name: minio-operator
labels:
istio-injection: {{ ternary "enabled" "disabled" (and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.addons.minioOperator) "enabled")) }}
istio-injection: {{ ternary "enabled" "disabled" (and (include "istioEnabled" .) (eq (dig "istio" "injection" "enabled" .Values.addons.minioOperator) "enabled")) }}
app.kubernetes.io/name: minioOperator
app.kubernetes.io/component: "application-utilities"
{{- include "commonLabels" . | nindent 4}}
......
......@@ -38,13 +38,15 @@ operator:
networkPolicies:
enabled: {{ .Values.networkPolicies.enabled }}
controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
istioNamespaceSelector:
{{ include "istioNamespaceSelector" . | nindent 4 }}
ingressLabels:
{{- $gateway := default "public" .Values.addons.minio.ingress.gateway }}
{{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
{{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
istio:
enabled: {{ .Values.istio.enabled }}
enabled: {{ include "istioEnabled" . }}
hardened:
enabled: {{ or
(dig "istio" "hardened" "enabled" false .Values.addons.minioOperator.values)
......@@ -53,9 +55,9 @@ istio:
}}
console:
gateways:
- istio-system/{{ default "public" .Values.addons.minio.ingress.gateway }}
- {{ include "istioGatewayNamespace" . }}/{{ default (include "istioPublicGateway" . ) .Values.addons.minio.ingress.gateway }}
{{- if .Values.istio.enabled }}
{{- if include "istioEnabled" . }}
annotations:
{{ include "istioAnnotation" . }}
{{- end }}
......
......@@ -4,7 +4,7 @@ kind: Namespace
metadata:
name: minio
labels:
istio-injection: {{ ternary "enabled" "disabled" (and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.addons.minio) "enabled")) }}
istio-injection: {{ ternary "enabled" "disabled" (and (include "istioEnabled" .) (eq (dig "istio" "injection" "enabled" .Values.addons.minio) "enabled")) }}
app.kubernetes.io/name: minio
app.kubernetes.io/component: "application-utilities"
{{- include "commonLabels" . | nindent 4}}
......
......@@ -9,13 +9,13 @@ hostname: {{ $domainName }}
domain: {{ $domainName }}
istio:
enabled: {{ .Values.istio.enabled }}
enabled: {{ include "istioEnabled" . }}
console:
gateways:
- istio-system/{{ default "public" .Values.addons.minio.ingress.gateway }}
- {{ include "istioGatewayNamespace" . }}/{{ default (include "istioPublicGateway" . ) .Values.addons.minio.ingress.gateway }}
api:
gateways:
- istio-system/{{ default "public" .Values.addons.minio.ingress.gateway }}
- {{ include "istioGatewayNamespace" . }}/{{ default (include "istioPublicGateway" . ) .Values.addons.minio.ingress.gateway }}
hardened:
enabled: {{ or
(dig "istio" "hardened" "enabled" false .Values.addons.minioOperator.values)
......@@ -23,7 +23,7 @@ istio:
(dig "hardened" "enabled" false .Values.istio.values)
}}
{{- if .Values.istio.enabled }}
{{- if include "istioEnabled" . }}
annotations:
{{ include "istioAnnotation" . }}
{{- end }}
......
......@@ -56,12 +56,16 @@ spec:
valuesKey: "overlays"
# TODO: DRY this up
{{- if or .Values.gatekeeper.enabled .Values.istio.enabled .Values.kyvernoPolicies.enabled .Values.addons.vault.enabled }}
{{- if or .Values.gatekeeper.enabled (include "istioEnabled" .) .Values.kyvernoPolicies.enabled .Values.addons.vault.enabled }}
dependsOn:
{{- if .Values.istio.enabled }}
- name: istio
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.istioCore.enabled }}
- name: istio-core
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.gatekeeper.enabled }}
- name: gatekeeper
namespace: {{ .Release.Namespace }}
......
......@@ -7,5 +7,5 @@ metadata:
app.kubernetes.io/name: monitoring
app.kubernetes.io/component: "core"
{{- include "commonLabels" . | nindent 4}}
istio-injection: {{ ternary "enabled" "disabled" (and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.monitoring) "enabled")) }}
istio-injection: {{ ternary "enabled" "disabled" (and (include "istioEnabled" .) (eq (dig "istio" "injection" "enabled" .Values.monitoring) "enabled")) }}
{{- end }}
......@@ -8,7 +8,7 @@
hostname: {{ $domainName }}
domain: {{ $domainName }}
{{- $istioInjection := (and (eq (dig "istio" "injection" "enabled" .Values.monitoring) "enabled") .Values.istio.enabled) }}
{{- $istioInjection := (and (include "istioEnabled" .) (eq (dig "istio" "injection" "enabled" .Values.monitoring) "enabled")) }}
{{- $gitlabRedis := (and (ne .Values.addons.gitlab.redis.password "" ) (or .Values.addons.gitlab.enabled .Values.addons.gitlabRunner.enabled)) }}
{{- $authserviceRedisEnabled := (and (dig "values" "redis" "enabled" false .Values.addons.authservice) .Values.addons.authservice.enabled) }}
{{- $redisDatasource := (or $gitlabRedis .Values.addons.argocd.enabled $authserviceRedisEnabled) }}
......@@ -21,11 +21,19 @@ flux:
networkPolicies:
enabled: {{ .Values.networkPolicies.enabled }}
istioNamespaceSelector:
{{ include "istioNamespaceSelector" . | nindent 4 }}
controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
ingressLabels:
{{- if .Values.istio.enabled }}
{{- $gateway := default "public" .Values.monitoring.ingress.gateway }}
{{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
{{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
{{- end }}
{{- if .Values.istioCore.enabled }}
app: public-ingressgateway
istio: ingressgateway
{{- end }}
openshift: {{ .Values.openshift }}
......@@ -37,7 +45,7 @@ gitlabRunner:
istio:
{{- $monitoringInjection := dig "istio" "injection" "enabled" .Values.monitoring }}
enabled: {{ .Values.istio.enabled }}
enabled: {{ include "istioEnabled" . }}
hardened:
enabled: {{ or
(dig "istio" "hardened" "enabled" false .Values.monitoring.values)
......@@ -76,7 +84,7 @@ istio:
namespace: authservice
{{- end }}
gateways:
- istio-system/{{ default "public" .Values.monitoring.ingress.gateway }}
- {{ include "istioGatewayNamespace" . }}/{{ default (include "istioPublicGateway" . ) .Values.monitoring.ingress.gateway }}
alertmanager:
enabled: true
{{- if and .Values.monitoring.sso.enabled (eq $monitoringInjection "disabled") }}
......@@ -85,7 +93,7 @@ istio:
namespace: authservice
{{- end }}
gateways:
- istio-system/{{ default "public" .Values.monitoring.ingress.gateway }}
- {{ include "istioGatewayNamespace" . }}/{{ default (include "istioPublicGateway" . ) .Values.monitoring.ingress.gateway }}
injection: {{ dig "istio" "injection" "enabled" .Values.monitoring }}
alertmanager:
......@@ -112,7 +120,7 @@ alertmanager:
{{ include "istioAnnotation" . }}
{{- end }}
{{- end }}
{{- if and .Values.istio.enabled (eq (dig "istio" "mtls" "mode" "STRICT" .Values.monitoring.values) "STRICT") }}
{{- if and (include "istioEnabled" .) (eq (dig "istio" "mtls" "mode" "STRICT" .Values.monitoring.values) "STRICT") }}
serviceMonitor:
scheme: https
tlsConfig:
......@@ -143,7 +151,7 @@ prometheus:
thanosServiceMonitor:
enabled: true
{{- if and .Values.istio.enabled (eq (dig "istio" "mtls" "mode" "STRICT" .Values.monitoring.values) "STRICT") }}
{{- if and (include "istioEnabled" .) (eq (dig "istio" "mtls" "mode" "STRICT" .Values.monitoring.values) "STRICT") }}
serviceMonitor:
scheme: https
tlsConfig:
......@@ -154,7 +162,7 @@ prometheus:
{{- end }}
{{- end }}
prometheusSpec:
{{- if and .Values.istio.enabled (eq (dig "istio" "mtls" "mode" "STRICT" .Values.monitoring.values) "STRICT") }}
{{- if and (include "istioEnabled" .) (eq (dig "istio" "mtls" "mode" "STRICT" .Values.monitoring.values) "STRICT") }}
alertingEndpoints:
- name: monitoring-monitoring-kube-alertmanager
namespace: monitoring
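Review bot: In the `networkPolicies.ingressLabels` block the new `istioCore` branch pins the allowed ingress pod labels to `app: public-ingressgateway` / `istio: ingressgateway` and ignores `.Values.monitoring.ingress.gateway`, while the `gateways:` entries further down still honour that value. If a deployment routes monitoring through a non-public gateway, the network policy and the gateway reference would name different gateways; and with both `istio.enabled` and `istioCore.enabled` set, each branch emits `app`/`istio` keys into the same mapping, where most parsers silently keep the last one. Make the branches mutually exclusive (`{{- else if .Values.istioCore.enabled }}`) and derive the labels from the selected gateway. The neuvector `ingressLabels` hunk has the same pattern, and the minio-operator and sonarqube hunks still read `.Values.istio` only, so they appear to get no usable labels under `istioCore`.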
......
......@@ -55,7 +55,7 @@ spec:
kind: Secret
valuesKey: "overlays"
{{- if or .Values.gatekeeper.enabled .Values.istio.enabled .Values.kyvernoPolicies.enabled .Values.monitoring.enabled }}
{{- if or .Values.gatekeeper.enabled (include "istioEnabled" .) .Values.kyvernoPolicies.enabled .Values.monitoring.enabled }}
dependsOn:
{{- if .Values.gatekeeper.enabled }}
- name: gatekeeper
......@@ -65,6 +65,10 @@ spec:
- name: istio
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.istioCore.enabled }}
- name: istio-core
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.kyvernoPolicies.enabled }}
- name: kyverno-policies
namespace: {{ .Release.Namespace }}
......
......@@ -7,5 +7,5 @@ metadata:
app.kubernetes.io/name: neuvector
app.kubernetes.io/component: "sandbox"
{{- include "commonLabels" . | nindent 4}}
istio-injection: {{ ternary "enabled" "disabled" (and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.neuvector) "enabled")) }}
istio-injection: {{ ternary "enabled" "disabled" (and (include "istioEnabled" .) (eq (dig "istio" "injection" "enabled" .Values.neuvector) "enabled")) }}
{{- end }}
\ No newline at end of file
......@@ -7,10 +7,10 @@ domain: {{ default .Values.domain .Values.hostname }}
openshift: {{ .Values.openshift }}
{{ $istioInjection := (and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.neuvector) "enabled")) }}
{{ $istioInjection := (and (include "istioEnabled" .) (eq (dig "istio" "injection" "enabled" .Values.neuvector) "enabled")) }}
istio:
enabled: {{ .Values.istio.enabled }}
enabled: {{ include "istioEnabled" . }}
hardened:
enabled: {{ or
(dig "istio" "hardened" "enabled" false .Values.neuvector.values)
......@@ -18,7 +18,7 @@ istio:
}}
neuvector:
gateways:
- istio-system/{{ default "public" .Values.neuvector.ingress.gateway }}
- {{ include "istioGatewayNamespace" . }}/{{ default (include "istioPublicGateway" . ) .Values.monitoring.ingress.gateway }}
injection: {{ ternary "enabled" "disabled" $istioInjection }}
monitoring:
......@@ -113,7 +113,7 @@ cve:
{{- end }}
{{- end }}
{{- if or .Values.istio.enabled $.Values.kiali.enabled }}
{{- if or (include "istioEnabled" .) $.Values.kiali.enabled }}
manager:
{{- if $istioInjection }}
podAnnotations:
......@@ -124,10 +124,18 @@ manager:
networkPolicies:
enabled: {{ .Values.networkPolicies.enabled }}
controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
istioNamespaceSelector:
{{ include "istioNamespaceSelector" . | nindent 4 }}
ingressLabels:
{{- if .Values.istio.enabled }}
{{- $gateway := default "public" .Values.neuvector.ingress.gateway }}
{{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
{{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
{{- end }}
{{- if .Values.istioCore.enabled }}
app: public-ingressgateway
istio: ingressgateway
{{- end }}
{{- end }}
{{- /* Create secret */ -}}
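Review bot: The new neuvector `gateways:` line reads `.Values.monitoring.ingress.gateway`, where the line it replaces read `.Values.neuvector.ingress.gateway`; this looks like a copy-paste slip from the monitoring values. As written, the NeuVector route is attached to whichever gateway monitoring is configured for, so a deployment that keeps NeuVector on a restricted gateway would have it moved without any neuvector setting changing. Use `- {{ include "istioGatewayNamespace" . }}/{{ default (include "istioPublicGateway" . ) .Values.neuvector.ingress.gateway }}`. The `ingressLabels` block in the same file still uses `.Values.neuvector.ingress.gateway` in its `istio` branch, so the route and the network policy would disagree.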
......
......@@ -70,6 +70,10 @@ spec:
- name: istio
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.istioCore.enabled }}
- name: istio-core
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.kyvernoPolicies.enabled }}
- name: kyverno-policies
namespace: {{ .Release.Namespace }}
......
......@@ -7,5 +7,5 @@ metadata:
app.kubernetes.io/name: promtail
app.kubernetes.io/component: "core"
{{- include "commonLabels" . | nindent 4}}
istio-injection: {{ ternary "enabled" "disabled" (and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.promtail) "enabled")) }}
istio-injection: {{ ternary "enabled" "disabled" (and (include "istioEnabled" .) (eq (dig "istio" "injection" "enabled" .Values.promtail) "enabled")) }}
{{- end }}
......@@ -12,7 +12,7 @@ image:
openshift: {{ .Values.openshift }}
istio:
enabled: {{ .Values.istio.enabled }}
enabled: {{ include "istioEnabled" . }}
hardened:
enabled: {{ or
(dig "istio" "hardened" "enabled" false .Values.promtail.values)
......@@ -25,7 +25,7 @@ loki:
serviceMonitor:
enabled: {{ .Values.monitoring.enabled }}
# conditional passes only for default istio: enabled, mTLS: SCRICT
{{- if and .Values.istio.enabled (eq (dig "istio" "mtls" "mode" "STRICT" .Values.promtail.values) "STRICT") }}
{{- if and (include "istioEnabled" . ) (eq (dig "istio" "mtls" "mode" "STRICT" .Values.promtail.values) "STRICT") }}
scheme: https
tlsConfig:
caFile: /etc/prom-certs/root-cert.pem
......@@ -41,7 +41,7 @@ networkPolicies:
enabled: {{ .Values.networkPolicies.enabled }}
controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
{{- if .Values.istio.enabled }}
{{- if include "istioEnabled" . }}
podAnnotations:
{{ include "istioAnnotation" . }}
{{- end }}
......
......@@ -30,6 +30,8 @@ monitoring:
networkPolicies:
enabled: {{ .Values.networkPolicies.enabled }}
istioNamespaceSelector:
{{ include "istioNamespaceSelector" . | nindent 4 }}
ingressLabels:
{{- $gateway := default "public" .Values.addons.sonarqube.ingress.gateway }}
{{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
......
......@@ -56,7 +56,7 @@ spec:
- name: {{ .Release.Name }}-tempo-values
kind: Secret
valuesKey: "overlays"
{{- if or .Values.monitoring.enabled .Values.istio.enabled .Values.tempo.sso.enabled }}
{{- if or .Values.monitoring.enabled .Values.tempo.sso.enabled (include "istioEnabled" .) }}
dependsOn:
{{- if .Values.monitoring.enabled }}
- name: monitoring
......@@ -70,5 +70,9 @@ spec:
- name: istio
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.istioCore.enabled }}
- name: istio-core
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
{{- end }}