upgrade to istio 1.19 (#1211)

Co-authored-by: CH3CHO <ch3cho@qq.com>
Co-authored-by: rinfx <893383980@qq.com>
澄潭
2024-08-26 09:51:47 +08:00
committed by GitHub
parent a2c2d1d521
commit f7a419770d
401 changed files with 21171 additions and 7255 deletions


@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 1.4.2
appVersion: 2.0.0-rc.1
description: Helm chart for deploying higress gateways
icon: https://higress.io/img/higress_logo_small.png
home: http://higress.io/
@@ -10,4 +10,4 @@ name: higress-core
sources:
- http://github.com/alibaba/higress
type: application
version: 1.4.2
version: 2.0.0-rc.1


@@ -37,6 +37,13 @@ spec:
x-kubernetes-preserve-unknown-fields: true
defaultConfigDisable:
type: boolean
failStrategy:
description: Specifies the failure behavior for the plugin due to
fatal errors.
enum:
- FAIL_CLOSE
- FAIL_OPEN
type: string
imagePullPolicy:
description: The pull behaviour to be applied when fetching an OCI
image.
@@ -64,6 +71,10 @@ spec:
items:
type: string
type: array
service:
items:
type: string
type: array
type: object
type: array
phase:
@@ -94,6 +105,27 @@ spec:
type: string
verificationKey:
type: string
vmConfig:
description: Configuration for a Wasm VM.
properties:
env:
description: Specifies environment variables to be injected to
this VM.
items:
properties:
name:
type: string
value:
description: Value for the environment variable.
type: string
valueFrom:
enum:
- INLINE
- HOST
type: string
type: object
type: array
type: object
type: object
status:
type: object
@@ -270,4 +302,3 @@ spec:
subresources:
status: {}
---
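Review bot: The added `failStrategy` property in the first hunk has no `default`, and its description does not say what `FAIL_CLOSE` and `FAIL_OPEN` do or which one applies when the field is omitted. That matters for plugins used for authentication or authorization, where passing traffic after a plugin failure would skip the check. Extending the description along the lines of `FAIL_CLOSE rejects requests when the plugin fails; FAIL_OPEN bypasses the plugin. Defaults to <default>.` would make this explicit; those semantics are presumed from the enum names and should be confirmed against the controller. If this CRD is generated, the text belongs in the source API definition rather than in this file.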


@@ -0,0 +1,236 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
name: envoyfilters.networking.istio.io
spec:
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: EnvoyFilter
listKind: EnvoyFilterList
plural: envoyfilters
singular: envoyfilter
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
properties:
spec:
description: 'Customizing Envoy configuration generated by Istio. See
more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html'
properties:
configPatches:
description: One or more patches with match conditions.
items:
properties:
applyTo:
enum:
- INVALID
- LISTENER
- FILTER_CHAIN
- NETWORK_FILTER
- HTTP_FILTER
- ROUTE_CONFIGURATION
- VIRTUAL_HOST
- HTTP_ROUTE
- CLUSTER
- EXTENSION_CONFIG
- BOOTSTRAP
- LISTENER_FILTER
type: string
match:
description: Match on listener/route configuration/cluster.
oneOf:
- not:
anyOf:
- required:
- listener
- required:
- routeConfiguration
- required:
- cluster
- required:
- listener
- required:
- routeConfiguration
- required:
- cluster
properties:
cluster:
description: Match on envoy cluster attributes.
properties:
name:
description: The exact name of the cluster to match.
type: string
portNumber:
description: The service port for which this cluster
was generated.
type: integer
service:
description: The fully qualified service name for this
cluster.
type: string
subset:
description: The subset associated with the service.
type: string
type: object
context:
description: The specific config generation context to match
on.
enum:
- ANY
- SIDECAR_INBOUND
- SIDECAR_OUTBOUND
- GATEWAY
type: string
listener:
description: Match on envoy listener attributes.
properties:
filterChain:
description: Match a specific filter chain in a listener.
properties:
applicationProtocols:
description: Applies only to sidecars.
type: string
destinationPort:
description: The destination_port value used by
a filter chain's match condition.
type: integer
filter:
description: The name of a specific filter to apply
the patch to.
properties:
name:
description: The filter name to match on.
type: string
subFilter:
properties:
name:
description: The filter name to match on.
type: string
type: object
type: object
name:
description: The name assigned to the filter chain.
type: string
sni:
description: The SNI value used by a filter chain's
match condition.
type: string
transportProtocol:
description: Applies only to `SIDECAR_INBOUND` context.
type: string
type: object
listenerFilter:
description: Match a specific listener filter.
type: string
name:
description: Match a specific listener by its name.
type: string
portName:
type: string
portNumber:
type: integer
type: object
proxy:
description: Match on properties associated with a proxy.
properties:
metadata:
additionalProperties:
type: string
type: object
proxyVersion:
type: string
type: object
routeConfiguration:
description: Match on envoy HTTP route configuration attributes.
properties:
gateway:
type: string
name:
description: Route configuration name to match on.
type: string
portName:
description: Applicable only for GATEWAY context.
type: string
portNumber:
type: integer
vhost:
properties:
name:
type: string
route:
description: Match a specific route within the virtual
host.
properties:
action:
description: Match a route with specific action
type.
enum:
- ANY
- ROUTE
- REDIRECT
- DIRECT_RESPONSE
type: string
name:
type: string
type: object
type: object
type: object
type: object
patch:
description: The patch to apply along with the operation.
properties:
filterClass:
description: Determines the filter insertion order.
enum:
- UNSPECIFIED
- AUTHN
- AUTHZ
- STATS
type: string
operation:
description: Determines how the patch should be applied.
enum:
- INVALID
- MERGE
- ADD
- REMOVE
- INSERT_BEFORE
- INSERT_AFTER
- INSERT_FIRST
- REPLACE
type: string
value:
description: The JSON config of the object being patched.
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
type: array
priority:
description: Priority defines the order in which patch sets are applied
within a context.
format: int32
type: integer
workloadSelector:
properties:
labels:
additionalProperties:
type: string
type: object
type: object
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
subresources:
status: {}


@@ -26,13 +26,18 @@ rules:
verbs: ["create", "get", "list", "watch", "update"]
# Use for Kubernetes Service APIs
- apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"]
- apiGroups: ["networking.x-k8s.io"]
resources: ["*"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"]
- apiGroups: ["networking.x-k8s.io"]
resources: ["*"] # TODO: should be on just */status but wildcard is not supported
verbs: ["update"]
# Gateway api controller
- apiGroups: ["gateway.networking.k8s.io"]
resources: ["*"]
verbs: ["get", "watch", "list", "create", "update", "delete", "patch"]
# Needed for multicluster secret reading, possibly ingress certs in the future
- apiGroups: [""]
resources: ["secrets"]
@@ -123,4 +128,4 @@ rules:
resources: ["ingresses"]
- apiGroups: ["networking.internal.knative.dev"]
resources: ["ingresses/status"]
verbs: ["get","patch","update"]
verbs: ["get","patch","update"]
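Review bot: The new `gateway.networking.k8s.io` rule in the first hunk grants `create`, `update`, `delete` and `patch` on `resources: ["*"]`, so the controller's service account can modify or remove every object in that API group, including kinds added to the group later. Listing only the kinds the controller reconciles would keep the role least-privilege, for example `resources: ["gatewayclasses", "gateways", "httproutes", "referencegrants"]`, with the `/status` subresources in a separate rule limited to `update` and `patch`. That list is an illustration and has to be checked against the controller code, which is not visible here. The `rules:` list starts and ends outside the hunk.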


@@ -133,6 +133,12 @@ spec:
env:
- name: PILOT_ENABLE_HEADLESS_SERVICE_POD_LISTENERS
value: "false"
- name: PILOT_ENABLE_ALPN_FILTER
value: "false"
- name: ENABLE_OPTIMIZED_CONFIG_REBUILD
value: "false"
- name: PILOT_ENABLE_K8S_SELECT_WORKLOAD_ENTRIES
value: "false"
- name: HIGRESS_SYSTEM_NS
value: "{{ .Release.Namespace }}"
- name: DEFAULT_UPSTREAM_CONCURRENCY_THRESHOLD
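Review bot: The three added entries `PILOT_ENABLE_ALPN_FILTER`, `ENABLE_OPTIMIZED_CONFIG_REBUILD` and `PILOT_ENABLE_K8S_SELECT_WORKLOAD_ENTRIES` are hard-coded to `"false"` with no comment saying why each upstream feature is switched off. A short comment above each one, in the form `# disabled because <reason>; re-check on the next Istio upgrade`, would tell an operator whether overriding the value is safe and give the next upgrade a place to start. The `env:` list begins before and continues past this hunk.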


@@ -72,6 +72,40 @@ spec:
value: "0"
{{- end }}
containers:
{{- if $o11y.enabled }}
{{- $config := $o11y.promtail }}
- name: promtail
image: {{ $config.image.repository }}:{{ $config.image.tag }}
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/promtail/promtail.yaml
env:
- name: 'HOSTNAME'
valueFrom:
fieldRef:
fieldPath: 'spec.nodeName'
ports:
- containerPort: {{ $config.port }}
name: http-metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: {{ $config.port }}
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
volumeMounts:
- name: promtail-config
mountPath: "/etc/promtail"
- name: log
mountPath: /var/log/proxy
- name: tmp
mountPath: /tmp
{{- end }}
- name: higress-gateway
image: "{{ .Values.gateway.hub | default .Values.global.hub }}/{{ .Values.gateway.image | default "gateway" }}:{{ .Values.gateway.tag | default .Chart.AppVersion }}"
args:
@@ -141,8 +175,6 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: PILOT_XDS_SEND_TIMEOUT
value: 60s
- name: PROXY_XDS_VIA_AGENT
value: "true"
- name: ENABLE_INGRESS_GATEWAY_SDS
@@ -230,40 +262,6 @@ spec:
- mountPath: /var/log/proxy
name: log
{{- end }}
{{- if $o11y.enabled }}
{{- $config := $o11y.promtail }}
- name: promtail
image: {{ $config.image.repository }}:{{ $config.image.tag }}
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/promtail/promtail.yaml
env:
- name: 'HOSTNAME'
valueFrom:
fieldRef:
fieldPath: 'spec.nodeName'
ports:
- containerPort: {{ $config.port }}
name: http-metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: {{ $config.port }}
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
volumeMounts:
- name: promtail-config
mountPath: "/etc/promtail"
- name: log
mountPath: /var/log/proxy
- name: tmp
mountPath: /tmp
{{- end }}
{{- if .Values.gateway.hostNetwork }}
hostNetwork: {{ .Values.gateway.hostNetwork }}
dnsPolicy: ClusterFirstWithHostNet
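Review bot: Moving the `promtail` block ahead of `higress-gateway` in the first hunk makes promtail the first container of the pod whenever `$o11y.enabled` is set, so `kubectl logs` and `kubectl exec` without `-c` pick the log shipper rather than the gateway. Unless the pod template already carries it outside this hunk, adding the annotation `kubectl.kubernetes.io/default-container: higress-gateway` keeps the previous default for operators and runbooks. The moved block also shows no container-level `securityContext` or `resources`, and its `image:` value is unquoted while the gateway's is quoted. Writing it as `image: "{{ $config.image.repository }}:{{ $config.image.tag }}"` would match the gateway line and survive an empty or odd-looking tag. The `containers:` list continues outside the hunk.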


@@ -1,9 +1,9 @@
dependencies:
- name: higress-core
repository: file://../core
version: 1.4.2
version: 2.0.0-rc.1
- name: higress-console
repository: https://higress.io/helm-charts/
version: 1.4.2
digest: sha256:31b557e55584e589b140ae9b89cfc8b99df91771c7d28465c3a2b06a4f35a192
generated: "2024-07-26T13:53:23.225023+08:00"
digest: sha256:10375e19aff1cc31e4d450ee5c3124ed684c8bcd2f4c019ea88abf7e3d381d76
generated: "2024-08-15T19:39:04.526398+08:00"


@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 1.4.2
appVersion: 2.0.0-rc.1
description: Helm chart for deploying Higress gateways
icon: https://higress.io/img/higress_logo_small.png
home: http://higress.io/
@@ -12,9 +12,9 @@ sources:
dependencies:
- name: higress-core
repository: "file://../core"
version: 1.4.2
version: 2.0.0-rc.1
- name: higress-console
repository: "https://higress.io/helm-charts/"
version: 1.4.2
type: application
version: 1.4.2
version: 2.0.0-rc.1