[dev-v2.11] Add previously released Istio versions to 2.11

packages/rancher-istio/1.21/rancher-istio/charts/Chart.yaml → charts/rancher-istio/106.0.0+up1.22.1/Chart.yaml

@@ -1,24 +1,24 @@
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Istio
-  catalog.cattle.io/kube-version: '>= 1.26.0-0 < 1.30.0-0'
+  catalog.cattle.io/kube-version: '>= 1.27.0-0 < 1.31.0-0'
   catalog.cattle.io/namespace: istio-system
   catalog.cattle.io/os: linux
   catalog.cattle.io/permits-os: linux,windows
-  catalog.cattle.io/rancher-version: '>= 2.10.0-0 < 2.11.0-0'
+  catalog.cattle.io/rancher-version: '>= 2.11.0-0 < 2.12.0-0'
   catalog.cattle.io/release-name: rancher-istio
   catalog.cattle.io/requests-cpu: 710m
   catalog.cattle.io/requests-memory: 2314Mi
   catalog.cattle.io/type: cluster-tool
   catalog.cattle.io/ui-component: istio
-  catalog.cattle.io/upstream-version: 1.21.1
+  catalog.cattle.io/upstream-version: 1.22.1
 apiVersion: v1
-appVersion: 1.21.1
+appVersion: 1.22.1
 description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/
   for details.
 icon: https://charts.rancher.io/assets/logos/istio.svg
 keywords:
 - networking
 - infrastructure
 name: rancher-istio
-version: 1.21.1
+version: 106.0.0+up1.22.1

packages/rancher-istio/1.21/rancher-istio/charts/app-readme.md → charts/rancher-istio/106.0.0+up1.22.1/app-readme.md

@@ -38,7 +38,7 @@ To install istio with CNI enabled, e.g. when cluster has a default PSP set to "r
 See [this issue](https://github.com/rancher/rancher/issues/33291) for details.
 
 ## Installing istio with distroless-images.
-Istio `104.3.0+up1.21.1` uses distroless images for `istio-proxyv2`, `istio-install-cni` and `istio-pilot`. Distroless images don't have the common debugging tools like `bash`, `curl`, etc. If you wish to troubleshoot Istio, you can switch to regular images by updating `values.yaml` file.
+Istio `104.4.0+up1.22.1` uses distroless images for `istio-proxyv2`, `istio-install-cni` and `istio-pilot`. Distroless images don't have the common debugging tools like `bash`, `curl`, etc. If you wish to troubleshoot Istio, you can switch to regular images by updating `values.yaml` file.
 
 ## Deprecations
 

charts/rancher-istio/106.0.0+up1.22.1/charts/kiali/Chart.yaml

@@ -0,0 +1,28 @@
+annotations:
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1
+  catalog.rancher.io/namespace: cattle-istio-system
+  catalog.rancher.io/release-name: rancher-kiali-server
+apiVersion: v2
+appVersion: v1.86.0
+description: Kiali is an open source project for service mesh observability, refer
+  to https://www.kiali.io for details. This is installed as sub-chart with customized
+  values in Rancher's Istio.
+home: https://github.com/kiali/kiali
+icon: https://raw.githubusercontent.com/kiali/kiali.io/current/assets/icons/logo.svg
+keywords:
+- istio
+- kiali
+- networking
+- infrastructure
+maintainers:
+- email: [email protected]
+  name: Kiali
+  url: https://kiali.io
+name: kiali
+sources:
+- https://github.com/kiali/kiali
+- https://github.com/kiali/kiali-operator
+- https://github.com/kiali/helm-charts
+version: 1.86.0

charts/rancher-istio/106.0.0+up1.22.1/charts/kiali/templates/NOTES.txt

@@ -0,0 +1,5 @@
+Welcome to Kiali! For more details on Kiali, see: https://kiali.io
+
+The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon.
+
+(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}])

charts/rancher-istio/106.0.0+up1.22.1/charts/kiali/templates/_helpers.tpl

@@ -0,0 +1,222 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Create a default fully qualified instance name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+To simulate the way the operator works, use deployment.instance_name rather than the old fullnameOverride.
+For backwards compatibility, if fullnameOverride is not kiali but deployment.instance_name is kiali,
+use fullnameOverride, otherwise use deployment.instance_name.
+*/}}
+{{- define "kiali-server.fullname" -}}
+{{- if (and (eq .Values.deployment.instance_name "kiali") (ne .Values.fullnameOverride "kiali")) }}
+  {{- .Values.fullnameOverride | trunc 63 }}
+{{- else }}
+  {{- .Values.deployment.instance_name | trunc 63 }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kiali-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Identifies the log_level.
+*/}}
+{{- define "kiali-server.logLevel" -}}
+{{- .Values.deployment.logger.log_level -}}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kiali-server.labels" -}}
+helm.sh/chart: {{ include "kiali-server.chart" . }}
+app: kiali
+{{ include "kiali-server.selectorLabels" . }}
+version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }}
+app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/part-of: "kiali"
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kiali-server.selectorLabels" -}}
+{{- $releaseName := .Release.Name -}}
+{{- $fullName := include "kiali-server.fullname" . -}}
+{{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace $fullName) -}}
+app.kubernetes.io/name: kiali
+{{- if (and .Release.IsUpgrade $deployment)}}
+app.kubernetes.io/instance: {{ (get (($deployment).metadata.labels) "app.kubernetes.io/instance") | default $fullName }}
+{{- else }}
+app.kubernetes.io/instance: {{ $fullName }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the default login token signing key.
+*/}}
+{{- define "kiali-server.login_token.signing_key" -}}
+{{- if .Values.login_token.signing_key }}
+  {{- .Values.login_token.signing_key }}
+{{- else }}
+  {{- randAlphaNum 16 }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the default web root.
+*/}}
+{{- define "kiali-server.server.web_root" -}}
+{{- if .Values.server.web_root  }}
+  {{- if (eq .Values.server.web_root "/") }}
+    {{- .Values.server.web_root }}
+  {{- else }}
+    {{- .Values.server.web_root | trimSuffix "/" }}
+  {{- end }}
+{{- else }}
+  {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+    {{- "/" }}
+  {{- else }}
+    {{- "/kiali" }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the default identity cert file. There is no default if on k8s; only on OpenShift.
+*/}}
+{{- define "kiali-server.identity.cert_file" -}}
+{{- if hasKey .Values.identity "cert_file" }}
+  {{- .Values.identity.cert_file }}
+{{- else }}
+  {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+    {{- "/kiali-cert/tls.crt" }}
+  {{- else }}
+    {{- "" }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the default identity private key file. There is no default if on k8s; only on OpenShift.
+*/}}
+{{- define "kiali-server.identity.private_key_file" -}}
+{{- if hasKey .Values.identity "private_key_file" }}
+  {{- .Values.identity.private_key_file }}
+{{- else }}
+  {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+    {{- "/kiali-cert/tls.key" }}
+  {{- else }}
+    {{- "" }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the default deployment.ingress.enabled. Disable it on k8s; enable it on OpenShift.
+*/}}
+{{- define "kiali-server.deployment.ingress.enabled" -}}
+{{- if hasKey .Values.deployment.ingress "enabled" }}
+  {{- .Values.deployment.ingress.enabled }}
+{{- else }}
+  {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+    {{- true }}
+  {{- else }}
+    {{- false }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the istio namespace - default is where Kiali is installed.
+*/}}
+{{- define "kiali-server.istio_namespace" -}}
+{{- if .Values.istio_namespace }}
+  {{- .Values.istio_namespace }}
+{{- else }}
+  {{- .Release.Namespace }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift.
+*/}}
+{{- define "kiali-server.auth.strategy" -}}
+{{- if .Values.auth.strategy }}
+  {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }}
+    {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }}
+  {{- end }}
+  {{- .Values.auth.strategy }}
+{{- else }}
+  {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+    {{- if not .Values.kiali_route_url }}
+      {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }}
+    {{- end }}
+    {{- "openshift" }}
+  {{- else }}
+    {{- "token" }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the root namespace - default is where Kiali is installed.
+*/}}
+{{- define "kiali-server.external_services.istio.root_namespace" -}}
+{{- if .Values.external_services.istio.root_namespace }}
+  {{- .Values.external_services.istio.root_namespace }}
+{{- else }}
+  {{- .Release.Namespace }}
+{{- end }}
+{{- end }}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
+
+{{/*
+Autodetect remote cluster secrets if enabled - looks for secrets in the same namespace where Kiali is installed.
+Returns a JSON dict whose keys are the cluster names and values are the cluster secret data.
+*/}}
+{{- define "kiali-server.remote-cluster-secrets" -}}
+{{- $theDict := dict }}
+{{- if .Values.clustering.autodetect_secrets.enabled }}
+  {{- $secretLabelToLookFor := (regexSplit "=" .Values.clustering.autodetect_secrets.label 2) }}
+  {{- $secretLabelNameToLookFor := first $secretLabelToLookFor }}
+  {{- $secretLabelValueToLookFor := last $secretLabelToLookFor }}
+  {{- range $i, $secret := (lookup "v1" "Secret" .Release.Namespace "").items }}
+    {{- if (and (and (hasKey $secret.metadata "labels") (hasKey $secret.metadata.labels $secretLabelNameToLookFor)) (eq (get $secret.metadata.labels $secretLabelNameToLookFor) ($secretLabelValueToLookFor))) }}
+      {{- $clusterName := $secret.metadata.name }}
+      {{- if (and (hasKey $secret.metadata "annotations") (hasKey $secret.metadata.annotations "kiali.io/cluster")) }}
+        {{- $clusterName = get $secret.metadata.annotations "kiali.io/cluster" }}
+      {{- end }}
+      {{- $theDict = set $theDict $clusterName $secret.metadata.name }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+{{- $theDict | toJson }}
+{{- end }}

charts/rancher-istio/106.0.0+up1.22.1/charts/kiali/templates/cabundle.yaml

@@ -0,0 +1,13 @@
+{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "kiali-server.fullname" . }}-cabundle
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+  annotations:
+    service.beta.openshift.io/inject-cabundle: "true"
+...
+{{- end }}

charts/rancher-istio/106.0.0+up1.22.1/charts/kiali/templates/configmap.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "kiali-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+  {{- if .Values.deployment.configmap_annotations }}
+  annotations:
+    {{- toYaml .Values.deployment.configmap_annotations | nindent 4 }}
+  {{- end }}
+data:
+  config.yaml: |
+    {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}}
+    {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }}
+    {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}}
+    {{- $_ := set $cm.deployment "namespace" .Release.Namespace }}
+    {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}}
+    {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }}
+    {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }}
+    {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }}
+    {{- $_ := set $cm.deployment "instance_name" (include "kiali-server.fullname" .) }}
+    {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }}
+    {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }}
+    {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }}
+    {{- $_ := set $cm.external_services.istio "root_namespace" (include "kiali-server.external_services.istio.root_namespace" .) }}
+    {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }}
+    {{- toYaml $cm | nindent 4 }}
+...