Deprecate Istio-Operator in StarlingX

The Istio Operator mechanism has been deprecated
and is discouraged from Istio v1.23.

As part of Istio App Maintenance, we are moving away from
the Istio Operator dependency and handling all the required
charts using the helm and fluxCD framework.

Following are the steps taken for migration -

***********************************************
3 Verticals -
helm/upstream
Python-k8s-istio
stx-istio-helm

helm/upstream ->
(debian/deb_folder and Makefile to be created for below Images)

istio-base (handles CRDs required for istio application)
istio-cni (Installs required CNI and sets iptables rules)
istio-pilot (Istio discovery service)
istio-proxyv2 - Ingress (Ingress Gateway)
istio-proxyv2 - Egress (Egress Gateway)

python-k8s-istio ->
1. python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/
The files below are to be created for handling individual
Base Helm charts.

istio-base.py
istio-cni.py
istio-pilot.py
istio-proxyv2-Ingress.py
istio-proxyv2-Egress.py
and remove (python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_operator.py)

2. lifecycle_istio.py changes -

post_apply (should apply all charts)
pre_remove (remove code related to istio-operator)
post_remove (remove code related to istio-operator)
_get_helm_user_overrides (Handled with istio-base chart)

stx-istio-helm ->
FluxCD Manifest update for below -
eg:- (helmrelease, istio-cni-static-overrides/system-overrides, kustomization.yaml)

istio-base
istio-cni
istio-pilot
istio-proxyv2 - Ingress
istio-proxyv2 - Egress
Istio-operator charts to be removed.
***********************************************

Test Plan:
PASSED: build-pkgs, results in proper helm charts with
        appropriate versions.
PASSED: build deb Image without any errors
PASSED: Istio App LifeCycle tests -
        (Upload, Apply, Update, Remove, Delete)
PASSED: Istio App crds, cni daemonset, and other services
        are deployed properly.
PASSED: App update from pre-operator-deprecation to
        post-operator-deprecation works seamlessly.
PASSED: Autoversioning of all separate Helm charts is
        handled.
PASSED: Lifecycle fetches necessary overrides from helm
        properly.

Story: 2011403
Task: 52501

Change-Id: If72774cf081821c72fe720cf35a7b6c20f2c1ab8
Signed-off-by: Aman Pandae <AmanPandae.Mothukuri@windriver.com>
Aman Pandae
2025-07-04 03:10:15 -04:00
parent c475992c93
commit 8aa1135894
81 changed files with 1586 additions and 269 deletions

@@ -1,4 +1,8 @@
helm-charts/upstream/istio-helm
helm-charts/upstream/istio-base-helm
helm-charts/upstream/istio-cni-helm
helm-charts/upstream/istio-pilot-helm
helm-charts/upstream/istio-ingressgateway-helm
helm-charts/upstream/istio-egressgateway-helm
helm-charts/upstream/kiali-helm
python3-k8sapp-istio
stx-istio-helm

@@ -0,0 +1,5 @@
istio-base-helm (1.22-1) unstable; urgency=medium
* Initial Release, removing dependency on Istio Operator
-- Aman Pandae <amanpandae.mothukuri@windriver.com> Fri, 04 Jul 2025 06:42:17 +0000

@@ -0,0 +1,15 @@
Source: istio-base-helm
Section: libs
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13),
helm
Standards-Version: 4.5.1
Homepage: https://www.starlingx.io
Package: istio-base-helm
Section: libs
Architecture: any
Depends: ${misc:Depends}
Description: StarlingX Istio Base Helm Charts
This package contains helm charts for the istio application.
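Review bot: `Architecture: any` in the binary stanza should be `Architecture: all`, since the Description says the package only carries helm charts and nothing architecture-specific is built. The binary stanza also repeats `Section: libs`, which the source stanza already sets; the second one can be dropped.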

@@ -1,9 +1,9 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: istio-helm
Upstream-Name: istio-base-helm
Source: https://opendev.org/starlingx/app-istio/
Files: *
Copyright: (c) 2013-2024 Wind River Systems, Inc
Copyright: (c) 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
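Review bot: The `Files: *` copyright line goes from `(c) 2013-2024` to `(c) 2025`, which drops the earlier years from a file that this hunk modifies in place (`@@ -1,9 +1,9 @@`) rather than creates. The constants file in this same change extends its range to `2022-2025`; suggest doing the same here, e.g. `(c) 2013-2025`, unless the content is entirely new.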
@@ -23,7 +23,7 @@ License: Apache-2
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2024 Wind River Systems, Inc
Copyright: 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

@@ -0,0 +1,34 @@
#!/usr/bin/make -f
# export DH_VERBOSE = 1
export ROOT = debian/tmp
export CHART_FOLDER = $(ROOT)/usr/lib/helm
export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
export PATCH_VERSION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.')
export CHART_BASE_VERSION = $(shell echo $(DEB_VERSION) | sed 's/-/./' | cut -d '.' -f 1-3)
export CHART_VERSION = $(CHART_BASE_VERSION)+STX.$(PATCH_VERSION)
%:
dh $@
override_dh_auto_build:
mkdir -p istio-base
# Copy istio-base chart and required crds
cp Chart.yaml istio-base
cp values.yaml istio-base
cp -r templates istio-base
cp -r crds istio-base
cp -r files istio-base
# Create the tar file for the chart
make CHART_VERSION=$(CHART_VERSION) istio-base
override_dh_auto_install:
# Install the app tar file.
install -d -m 755 $(CHART_FOLDER)
install -p -D -m 755 base*.tgz $(CHART_FOLDER)
override_dh_auto_test:
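Review bot: `PATCH_VERSION` on the `cut -f 4 -d '.'` line is empty when `DEB_VERSION` is the bare `1.22-1` from this package's changelog, so `CHART_VERSION` comes out as `1.22.1+STX.` with nothing after the dot. The rule only works when the build tooling appends a revision to the Debian version; suggest a comment next to the variable saying so, or failing the build when `PATCH_VERSION` is empty.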

@@ -0,0 +1,15 @@
---
debname: istio-base-helm
debver: 1.22-1
dl_path:
name: helm-charts-istio-base-1.22.1.tar.gz
url: https://storage.googleapis.com/istio-release/releases/1.22.1/helm/base-1.22.1.tgz
sha256sum: ca4f2267f3e63b77a5813f40531f67cbda8232ed1406730a876af2b05c97d8b3
src_files:
- files/Makefile
revision:
dist: $STX_DIST
stx_patch: -1
GITREVCOUNT:
SRC_DIR: ${MY_REPO}/stx/app-istio/helm-charts/upstream/istio-base-helm
BASE_SRCREV: c475992c932268dcf7fe197c693512190781ff29

@@ -1,7 +1,7 @@
#
# Copyright 2017 The Openstack-Helm Authors.
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

@@ -0,0 +1,5 @@
istio-cni-helm (1.22-1) unstable; urgency=medium
* Initial Release, removing dependency on Istio Operator
-- Aman Pandae <amanpandae.mothukuri@windriver.com> Fri, 04 Jul 2025 06:42:17 +0000

@@ -1,4 +1,4 @@
Source: istio-helm
Source: istio-cni-helm
Section: libs
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
@@ -7,9 +7,9 @@ Build-Depends: debhelper-compat (= 13),
Standards-Version: 4.5.1
Homepage: https://www.starlingx.io
Package: istio-helm
Package: istio-cni-helm
Section: libs
Architecture: any
Depends: ${misc:Depends}
Description: StarlingX Istio Helm Charts
Description: StarlingX Istio CNI Helm Charts
This package contains helm charts for the istio application.

@@ -0,0 +1,41 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: istio-cni-helm
Source: https://opendev.org/starlingx/app-istio/
Files: *
Copyright: (c) 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.

@@ -0,0 +1 @@
usr/lib/helm/*

@@ -14,20 +14,23 @@ export CHART_VERSION = $(CHART_BASE_VERSION)+STX.$(PATCH_VERSION)
override_dh_auto_build:
mkdir -p istio-operator
mkdir -p istio-cni
#Copy istio-operator chart
cp -r manifests/charts/* istio-operator
#Copy istio-cni chart
cp Chart.yaml istio-cni
cp values.yaml istio-cni
cp -r templates istio-cni
cp -r files istio-cni
# Set up chart build files.
cp Makefile istio-operator
cp Makefile istio-cni
# Create the TGZ file.
cd istio-operator && make CHART_VERSION=$(CHART_VERSION) istio-operator
make CHART_VERSION=$(CHART_VERSION) istio-cni
override_dh_auto_install:
# Install the app tar file.
install -d -m 755 $(CHART_FOLDER)
install -p -D -m 755 istio-operator/istio-operator*.tgz $(CHART_FOLDER)
install -p -D -m 755 cni*.tgz $(CHART_FOLDER)
override_dh_auto_test:
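Review bot: The install line globs `cni*.tgz` while the chart is staged in a directory named `istio-cni`, which reads like a mismatch until you know that `helm package` names the archive from the chart's `Chart.yaml` name. A one-line comment above `install -p -D -m 755 cni*.tgz $(CHART_FOLDER)` would save the next reader the lookup. Also, `#Copy istio-cni chart` is missing the space after `#` that the other comments in this file use.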

@@ -0,0 +1 @@
3.0 (quilt)

@@ -0,0 +1,15 @@
---
debname: istio-cni-helm
debver: 1.22-1
dl_path:
name: helm-charts-istio-cni-1.22.1.tar.gz
url: https://storage.googleapis.com/istio-release/releases/1.22.1/helm/cni-1.22.1.tgz
sha256sum: 459a44c3fc1e97bb82c4cb409e0a7257963043deb3d50fb3ecbcf5a2e652da0b
src_files:
- files/Makefile
revision:
dist: $STX_DIST
stx_patch: -1
GITREVCOUNT:
SRC_DIR: ${MY_REPO}/stx/app-istio/helm-charts/upstream/istio-cni-helm
BASE_SRCREV: c475992c932268dcf7fe197c693512190781ff29

@@ -0,0 +1,41 @@
#
# Copyright 2017 The Openstack-Helm Authors.
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# It's necessary to set this because some environments don't link sh -> bash.
SHELL := /bin/bash
TASK := build
EXCLUDES := doc tests tools logs tmp
CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
.PHONY: $(EXCLUDES) $(CHARTS)
all: $(CHARTS)
$(CHARTS):
@if [ -d $@ ]; then \
echo; \
echo "===== Processing [$@] chart ====="; \
make $(TASK)-$@; \
fi
init-%:
if [ -f $*/Makefile ]; then make -C $*; fi
lint-%: init-%
if [ -d $* ]; then helm lint $*; fi
build-%:
if [ -d $* ]; then helm package --version $(CHART_VERSION) $*; fi
clean:
@echo "Clean all build artifacts"
rm -f */templates/_partials.tpl */templates/_globals.tpl
rm -rf */charts */tmpcharts
%:
@:
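Review bot: The `$(CHARTS)` recipe and `init-%` invoke `make` literally (`make $(TASK)-$@;` and `make -C $*`); recursive calls should use `$(MAKE)` so that command-line flags and the jobserver are passed down. Separately, `lint-%` is defined but with `TASK := build` the package build never reaches it, so `helm lint` does not run; consider making `build-%` depend on `lint-%`.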

@@ -0,0 +1,5 @@
istio-egressgateway-helm (1.22-1) unstable; urgency=medium
* Initial Release, removing dependency on Istio Operator
-- Aman Pandae <amanpandae.mothukuri@windriver.com> Fri, 04 Jul 2025 06:42:17 +0000

@@ -0,0 +1,15 @@
Source: istio-egressgateway-helm
Section: libs
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13),
helm
Standards-Version: 4.5.1
Homepage: https://www.starlingx.io
Package: istio-egressgateway-helm
Section: libs
Architecture: any
Depends: ${misc:Depends}
Description: StarlingX Istio egressgateway Helm Charts
This package contains helm charts for the istio application.

@@ -0,0 +1,41 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: istio-egressgateway-helm
Source: https://opendev.org/starlingx/app-istio/
Files: *
Copyright: (c) 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.

@@ -0,0 +1,33 @@
#!/usr/bin/make -f
# export DH_VERBOSE = 1
export ROOT = debian/tmp
export CHART_FOLDER = $(ROOT)/usr/lib/helm
export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
export PATCH_VERSION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.')
export CHART_BASE_VERSION = $(shell echo $(DEB_VERSION) | sed 's/-/./' | cut -d '.' -f 1-3)
export CHART_VERSION = $(CHART_BASE_VERSION)+STX.$(PATCH_VERSION)
%:
dh $@
override_dh_auto_build:
mkdir -p istio-egressgateway
# We are picking the istio-egress chart from istio repository.
# Other plugins directly have their own tgz to pull
# istio-egress and ingress don't have it.
# For more clarity look at meta_data.yaml
cp -r manifests/charts/gateways/istio-egress/* istio-egressgateway
# Create the TGZ file.
make CHART_VERSION=$(CHART_VERSION) istio-egressgateway
override_dh_auto_install:
# Install the app tar file.
install -d -m 755 $(CHART_FOLDER)
install -p -D -m 755 istio-egress*.tgz $(CHART_FOLDER)
override_dh_auto_test:
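Review bot: `egrep` on the `DEB_VERSION` line is obsolescent in current GNU grep, which prints a warning for it. Use `grep -E '^Version:'`, or `dpkg-parsechangelog -S Version`, which removes the need for the `cut` as well. The same line appears in the other rules files added by this change.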

@@ -0,0 +1 @@
3.0 (quilt)

@@ -1,8 +1,8 @@
---
debname: istio-helm
debname: istio-egressgateway-helm
debver: 1.22-1
dl_path:
name: helm-charts-istio-1.22.1.tar.gz
name: helm-charts-istio-egressgateway-1.22.1.tar.gz
url: https://github.com/istio/istio/archive/refs/tags/1.22.1.tar.gz
sha256sum: 053e121a56aac7a75fbbfcab3332efe1b1577385b7b2e17f94d857f6bacbee29
src_files:
@@ -11,5 +11,5 @@ revision:
dist: $STX_DIST
stx_patch: -1
GITREVCOUNT:
SRC_DIR: ${MY_REPO}/stx/app-istio/helm-charts/upstream/istio-helm
BASE_SRCREV: 245357e2ff1271c5451b6b369fb7dc894a04f962
SRC_DIR: ${MY_REPO}/stx/app-istio/helm-charts/upstream/istio-egressgateway-helm
BASE_SRCREV: c475992c932268dcf7fe197c693512190781ff29

@@ -0,0 +1,41 @@
#
# Copyright 2017 The Openstack-Helm Authors.
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# It's necessary to set this because some environments don't link sh -> bash.
SHELL := /bin/bash
TASK := build
EXCLUDES := doc tests tools logs tmp
CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
.PHONY: $(EXCLUDES) $(CHARTS)
all: $(CHARTS)
$(CHARTS):
@if [ -d $@ ]; then \
echo; \
echo "===== Processing [$@] chart ====="; \
make $(TASK)-$@; \
fi
init-%:
if [ -f $*/Makefile ]; then make -C $*; fi
lint-%: init-%
if [ -d $* ]; then helm lint $*; fi
build-%:
if [ -d $* ]; then helm package --version $(CHART_VERSION) $*; fi
clean:
@echo "Clean all build artifacts"
rm -f */templates/_partials.tpl */templates/_globals.tpl
rm -rf */charts */tmpcharts
%:
@:

@@ -1,11 +0,0 @@
istio-helm (1.22-1) unstable; urgency=medium
* Update istio chart version
-- Sirin Shaikh <sirin.shaikh@windriver.com> Thu, 20 Jun 2024 09:17:09 +0000
istio-helm (1.19-4) unstable; urgency=medium
* Auto-increment chart version
-- Aman Pandae <amanpandae.mothukuri@windriver.com> Thu, 2 May 2024 07:00:00 +0000

@@ -0,0 +1,5 @@
istio-ingressgateway-helm (1.22-1) unstable; urgency=medium
* Initial Release, removing dependency on Istio Operator
-- Aman Pandae <amanpandae.mothukuri@windriver.com> Fri, 04 Jul 2025 06:42:17 +0000

@@ -0,0 +1,15 @@
Source: istio-ingressgateway-helm
Section: libs
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13),
helm
Standards-Version: 4.5.1
Homepage: https://www.starlingx.io
Package: istio-ingressgateway-helm
Section: libs
Architecture: any
Depends: ${misc:Depends}
Description: StarlingX Istio ingressgateway Helm Charts
This package contains helm charts for the istio application.

@@ -0,0 +1,41 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: istio-egressgateway-helm
Source: https://opendev.org/starlingx/app-istio/
Files: *
Copyright: (c) 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.
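Review bot: `Upstream-Name: istio-egressgateway-helm` looks like a copy-paste slip. This copyright file sits between the istio-ingressgateway-helm control and rules hunks, so it should read `Upstream-Name: istio-ingressgateway-helm`.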

@@ -0,0 +1,33 @@
#!/usr/bin/make -f
# export DH_VERBOSE = 1
export ROOT = debian/tmp
export CHART_FOLDER = $(ROOT)/usr/lib/helm
export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
export PATCH_VERSION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.')
export CHART_BASE_VERSION = $(shell echo $(DEB_VERSION) | sed 's/-/./' | cut -d '.' -f 1-3)
export CHART_VERSION = $(CHART_BASE_VERSION)+STX.$(PATCH_VERSION)
%:
dh $@
override_dh_auto_build:
mkdir -p istio-ingressgateway
# We are picking the istio-ingress chart from istio repository.
# Other plugins directly have their own tgz to pull
# istio-ingress and egress don't have it
# For more clarity look at meta_data.yaml
cp -r manifests/charts/gateways/istio-ingress/* istio-ingressgateway
# Create the TGZ file.
make CHART_VERSION=$(CHART_VERSION) istio-ingressgateway
override_dh_auto_install:
# Install the app tar file.
install -d -m 755 $(CHART_FOLDER)
install -p -D -m 755 istio-ingress*.tgz $(CHART_FOLDER)
override_dh_auto_test:

@@ -0,0 +1 @@
3.0 (quilt)

@@ -0,0 +1,15 @@
---
debname: istio-ingressgateway-helm
debver: 1.22-1
dl_path:
name: helm-charts-istio-ingressgateway-1.22.1.tar.gz
url: https://github.com/istio/istio/archive/refs/tags/1.22.1.tar.gz
sha256sum: 053e121a56aac7a75fbbfcab3332efe1b1577385b7b2e17f94d857f6bacbee29
src_files:
- files/Makefile
revision:
dist: $STX_DIST
stx_patch: -1
GITREVCOUNT:
SRC_DIR: ${MY_REPO}/stx/app-istio/helm-charts/upstream/istio-ingressgateway-helm
BASE_SRCREV: c475992c932268dcf7fe197c693512190781ff29
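Review bot: The `url` points at a GitHub tag archive (`archive/refs/tags/1.22.1.tar.gz`), which GitHub generates on demand, so the pinned `sha256sum` can stop matching without the tag itself changing. The base, cni and pilot packages in this change pull published release tarballs from `storage.googleapis.com/istio-release`; if no release artifact exists for the gateway charts, a mirrored copy of this archive would keep the checksum pin dependable. The egressgateway package uses the same URL and checksum, so both builds would break together.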

@@ -0,0 +1,41 @@
#
# Copyright 2017 The Openstack-Helm Authors.
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# It's necessary to set this because some environments don't link sh -> bash.
SHELL := /bin/bash
TASK := build
EXCLUDES := doc tests tools logs tmp
CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
.PHONY: $(EXCLUDES) $(CHARTS)
all: $(CHARTS)
$(CHARTS):
@if [ -d $@ ]; then \
echo; \
echo "===== Processing [$@] chart ====="; \
make $(TASK)-$@; \
fi
init-%:
if [ -f $*/Makefile ]; then make -C $*; fi
lint-%: init-%
if [ -d $* ]; then helm lint $*; fi
build-%:
if [ -d $* ]; then helm package --version $(CHART_VERSION) $*; fi
clean:
@echo "Clean all build artifacts"
rm -f */templates/_partials.tpl */templates/_globals.tpl
rm -rf */charts */tmpcharts
%:
@:

@@ -0,0 +1,5 @@
istio-pilot-helm (1.22-1) unstable; urgency=medium
* Initial Release, removing dependency on Istio Operator
-- Aman Pandae <amanpandae.mothukuri@windriver.com> Fri, 04 Jul 2025 06:42:17 +0000

@@ -0,0 +1,15 @@
Source: istio-pilot-helm
Section: libs
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13),
helm
Standards-Version: 4.5.1
Homepage: https://www.starlingx.io
Package: istio-pilot-helm
Section: libs
Architecture: any
Depends: ${misc:Depends}
Description: StarlingX Istio Pilot Helm Charts
This package contains helm charts for the istio application.

@@ -0,0 +1,41 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: istio-pilot-helm
Source: https://opendev.org/starlingx/app-istio/
Files: *
Copyright: (c) 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.

@@ -0,0 +1 @@
usr/lib/helm/*

@@ -0,0 +1,33 @@
#!/usr/bin/make -f
# export DH_VERBOSE = 1
export ROOT = debian/tmp
export CHART_FOLDER = $(ROOT)/usr/lib/helm
export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
export PATCH_VERSION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.')
export CHART_BASE_VERSION = $(shell echo $(DEB_VERSION) | sed 's/-/./' | cut -d '.' -f 1-3)
export CHART_VERSION = $(CHART_BASE_VERSION)+STX.$(PATCH_VERSION)
%:
dh $@
override_dh_auto_build:
mkdir -p istio-pilot
#Copy istio-pilot chart
cp Chart.yaml istio-pilot
cp values.yaml istio-pilot
cp -r templates istio-pilot
cp -r files istio-pilot
# Create the TGZ file.
make CHART_VERSION=$(CHART_VERSION) istio-pilot
override_dh_auto_install:
# Install the app tar file.
install -d -m 755 $(CHART_FOLDER)
install -p -D -m 755 istiod*.tgz $(CHART_FOLDER)
override_dh_auto_test:
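Review bot: `install -p -D -m 755 istiod*.tgz $(CHART_FOLDER)` marks a chart archive as executable; `-m 644` is enough for a data file. The other four rules files in this change use the same mode and could be fixed together.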

@@ -0,0 +1 @@
3.0 (quilt)

@@ -0,0 +1,15 @@
---
debname: istio-pilot-helm
debver: 1.22-1
dl_path:
name: helm-charts-istio-pilot-1.22.1.tar.gz
url: https://storage.googleapis.com/istio-release/releases/1.22.1/helm/istiod-1.22.1.tgz
sha256sum: 171356f34144995ca913a0f07f4f86dd54026fca6236164cb92b56361a77ce49
src_files:
- files/Makefile
revision:
dist: $STX_DIST
stx_patch: -1
GITREVCOUNT:
SRC_DIR: ${MY_REPO}/stx/app-istio/helm-charts/upstream/istio-pilot-helm
BASE_SRCREV: c475992c932268dcf7fe197c693512190781ff29

@@ -0,0 +1,41 @@
#
# Copyright 2017 The Openstack-Helm Authors.
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# It's necessary to set this because some environments don't link sh -> bash.
SHELL := /bin/bash
TASK := build
EXCLUDES := doc tests tools logs tmp
CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
.PHONY: $(EXCLUDES) $(CHARTS)
all: $(CHARTS)
$(CHARTS):
@if [ -d $@ ]; then \
echo; \
echo "===== Processing [$@] chart ====="; \
make $(TASK)-$@; \
fi
init-%:
if [ -f $*/Makefile ]; then make -C $*; fi
lint-%: init-%
if [ -d $* ]; then helm lint $*; fi
build-%:
if [ -d $* ]; then helm package --version $(CHART_VERSION) $*; fi
clean:
@echo "Clean all build artifacts"
rm -f */templates/_partials.tpl */templates/_globals.tpl
rm -rf */charts */tmpcharts
%:
@:
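Review bot: Duplicate file: this Makefile is line-for-line identical to the ones added for the cni, egressgateway and ingressgateway packages in this change. Four copies will drift over time; suggest keeping one shared file and referencing it from each package's `src_files`, if the build tooling accepts a path outside the package directory.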

@@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2023 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@@ -8,12 +8,17 @@
HELM_APP_ISTIO = 'istio'
# Namespace to deploy the application
HELM_NS_ISTIO_OPERATOR = 'istio-operator'
HELM_NS_ISTIO_SYSTEM = 'istio-system'
# Helm: Supported charts:
# These values match the names in the chart package's Chart.yaml
HELM_CHART_ISTIO_OPERATOR = 'istio-operator'
HELM_CHART_ISTIO_BASE = 'base'
HELM_CHART_ISTIO_CNI = 'cni'
HELM_CHART_ISTIO_PILOT = 'istiod'
HELM_CHART_ISTIO_GATEWAYS = 'gateways'
HELM_CHART_ISTIO_INGRESSGATEWAY = 'istio-ingress'
HELM_CHART_ISTIO_EGRESSGATEWAY = 'istio-egress'
HELM_CHART_KIALI_SERVER = 'kiali-server'
HELM_COMPONENT_LABEL_ISTIO = 'app.starlingx.io/component'
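Review bot: `HELM_CHART_ISTIO_GATEWAYS = 'gateways'` has no user among the plugin classes shown in this change, which reference `HELM_CHART_ISTIO_INGRESSGATEWAY` and `HELM_CHART_ISTIO_EGRESSGATEWAY` instead; drop it unless something else needs it. If `HELM_NS_ISTIO_OPERATOR` and `HELM_CHART_ISTIO_OPERATOR` are kept for the upgrade path from the operator-based app, a comment saying so would help.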

@@ -0,0 +1,74 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.common import exception
from sysinv.helm import base
from k8sapp_istio.common import constants as app_constants
class IstioBaseHelm(base.FluxCDBaseHelm):
"""Class to encapsulate helm operations for the istio-base chart"""
SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
[app_constants.HELM_NS_ISTIO_SYSTEM]
SUPPORTED_APP_NAMESPACES = {
app_constants.HELM_APP_ISTIO:
base.BaseHelm.SUPPORTED_NAMESPACES +
[app_constants.HELM_NS_ISTIO_SYSTEM]
}
CHART = app_constants.HELM_CHART_ISTIO_BASE
SERVICE_NAME = app_constants.HELM_APP_ISTIO
HELM_RELEASE = app_constants.HELM_CHART_ISTIO_BASE
def _is_enabled(self, app_name, chart_name, namespace):
"""
Check if the chart is enable at a system level
:param app_name: Application name
:param chart_name: Chart supplied with the application
:param namespace: Namespace where the chart will be executed
Returns true by default if an exception occurs as most charts are
enabled.
"""
return super(IstioBaseHelm, self)._is_enabled(
app_name, chart_name, namespace)
def execute_kustomize_updates(self, operator):
"""
Update the elements of FluxCD kustomize manifests.
This allows a helm chart plugin to use the FluxCDKustomizeOperator to
make dynamic structural changes to the application manifest based on the
current conditions in the platform
Changes currenty include updates to the top level kustomize manifest to
disable helm releases.
:param operator: an instance of the FluxCDKustomizeOperator
"""
if not self._is_enabled(operator.APP, self.CHART,
app_constants.HELM_NS_ISTIO_SYSTEM):
operator.helm_release_resource_delete(self.HELM_RELEASE)
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
overrides = {
app_constants.HELM_NS_ISTIO_SYSTEM: {}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides
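Review bot: `get_overrides` can raise `KeyError`. The `overrides` dict only has the `HELM_NS_ISTIO_SYSTEM` key, but the guard is `if namespace in self.SUPPORTED_NAMESPACES`, and that list also contains everything in `base.BaseHelm.SUPPORTED_NAMESPACES`. Any namespace from the base list passes the check and then fails on `overrides[namespace]`. Suggest `if namespace in overrides:` so that every other namespace falls through to `InvalidHelmNamespace`.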

@@ -0,0 +1,74 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.common import exception
from sysinv.helm import base
from k8sapp_istio.common import constants as app_constants
class IstioCniHelm(base.FluxCDBaseHelm):
"""Class to encapsulate helm operations for the istio-cni chart"""
SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
[app_constants.HELM_NS_ISTIO_SYSTEM]
SUPPORTED_APP_NAMESPACES = {
app_constants.HELM_APP_ISTIO:
base.BaseHelm.SUPPORTED_NAMESPACES +
[app_constants.HELM_NS_ISTIO_SYSTEM]
}
CHART = app_constants.HELM_CHART_ISTIO_CNI
SERVICE_NAME = app_constants.HELM_APP_ISTIO
HELM_RELEASE = app_constants.HELM_CHART_ISTIO_CNI
def _is_enabled(self, app_name, chart_name, namespace):
"""
Check if the chart is enable at a system level
:param app_name: Application name
:param chart_name: Chart supplied with the application
:param namespace: Namespace where the chart will be executed
Returns true by default if an exception occurs as most charts are
enabled.
"""
return super(IstioCniHelm, self)._is_enabled(
app_name, chart_name, namespace)
def execute_kustomize_updates(self, operator):
"""
Update the elements of FluxCD kustomize manifests.
This allows a helm chart plugin to use the FluxCDKustomizeOperator to
make dynamic structural changes to the application manifest based on the
current conditions in the platform
Changes currenty include updates to the top level kustomize manifest to
disable helm releases.
:param operator: an instance of the FluxCDKustomizeOperator
"""
if not self._is_enabled(operator.APP, self.CHART,
app_constants.HELM_NS_ISTIO_SYSTEM):
operator.helm_release_resource_delete(self.HELM_RELEASE)
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
overrides = {
app_constants.HELM_NS_ISTIO_SYSTEM: {}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides
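Review bot: Apart from the class name, the docstring and the `CHART`/`HELM_RELEASE` constants, this class is identical to `IstioBaseHelm` and to the gateway plugins in this change. A shared base class holding `execute_kustomize_updates`, `get_namespaces` and `get_overrides`, with each plugin setting only `CHART` and `HELM_RELEASE`, would remove the repeated logic. The docstring typos `enable` and `currenty` would then need fixing in one place only.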

@@ -0,0 +1,74 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.common import exception
from sysinv.helm import base
from k8sapp_istio.common import constants as app_constants
class IstioEgressGatewayHelm(base.FluxCDBaseHelm):
"""Class to encapsulate helm operations for the istio-egress chart"""
SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
[app_constants.HELM_NS_ISTIO_SYSTEM]
SUPPORTED_APP_NAMESPACES = {
app_constants.HELM_APP_ISTIO:
base.BaseHelm.SUPPORTED_NAMESPACES +
[app_constants.HELM_NS_ISTIO_SYSTEM]
}
CHART = app_constants.HELM_CHART_ISTIO_EGRESSGATEWAY
SERVICE_NAME = app_constants.HELM_APP_ISTIO
HELM_RELEASE = app_constants.HELM_CHART_ISTIO_EGRESSGATEWAY
def _is_enabled(self, app_name, chart_name, namespace):
"""
Check if the chart is enable at a system level
:param app_name: Application name
:param chart_name: Chart supplied with the application
:param namespace: Namespace where the chart will be executed
Returns true by default if an exception occurs as most charts are
enabled.
"""
return super(IstioEgressGatewayHelm, self)._is_enabled(
app_name, chart_name, namespace)
def execute_kustomize_updates(self, operator):
"""
Update the elements of FluxCD kustomize manifests.
This allows a helm chart plugin to use the FluxCDKustomizeOperator to
make dynamic structural changes to the application manifest based on the
current conditions in the platform
Changes currenty include updates to the top level kustomize manifest to
disable helm releases.
:param operator: an instance of the FluxCDKustomizeOperator
"""
if not self._is_enabled(operator.APP, self.CHART,
app_constants.HELM_NS_ISTIO_SYSTEM):
operator.helm_release_resource_delete(self.HELM_RELEASE)
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
overrides = {
app_constants.HELM_NS_ISTIO_SYSTEM: {}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides
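
Review bot: the `_is_enabled` override in `IstioEgressGatewayHelm` only forwards its three arguments to `super()._is_enabled(...)`, so it adds nothing over the inherited method and can be dropped. The ingress and pilot plugin files in this change are the same line for line apart from the class name and the `CHART`/`HELM_RELEASE` constants; a shared base class in `k8sapp_istio.helm` holding `execute_kustomize_updates`, `get_namespaces` and `get_overrides` would reduce each plugin to its constants. Docstring typos to fix while here: "enable" should be "enabled" and "currenty" should be "currently".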

@@ -0,0 +1,74 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.common import exception
from sysinv.helm import base
from k8sapp_istio.common import constants as app_constants
class IstioIngressGatewayHelm(base.FluxCDBaseHelm):
"""Class to encapsulate helm operations for the istio-ingress chart"""
SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
[app_constants.HELM_NS_ISTIO_SYSTEM]
SUPPORTED_APP_NAMESPACES = {
app_constants.HELM_APP_ISTIO:
base.BaseHelm.SUPPORTED_NAMESPACES +
[app_constants.HELM_NS_ISTIO_SYSTEM]
}
CHART = app_constants.HELM_CHART_ISTIO_INGRESSGATEWAY
SERVICE_NAME = app_constants.HELM_APP_ISTIO
HELM_RELEASE = app_constants.HELM_CHART_ISTIO_INGRESSGATEWAY
def _is_enabled(self, app_name, chart_name, namespace):
"""
Check if the chart is enable at a system level
:param app_name: Application name
:param chart_name: Chart supplied with the application
:param namespace: Namespace where the chart will be executed
Returns true by default if an exception occurs as most charts are
enabled.
"""
return super(IstioIngressGatewayHelm, self)._is_enabled(
app_name, chart_name, namespace)
def execute_kustomize_updates(self, operator):
"""
Update the elements of FluxCD kustomize manifests.
This allows a helm chart plugin to use the FluxCDKustomizeOperator to
make dynamic structural changes to the application manifest based on the
current conditions in the platform
Changes currenty include updates to the top level kustomize manifest to
disable helm releases.
:param operator: an instance of the FluxCDKustomizeOperator
"""
if not self._is_enabled(operator.APP, self.CHART,
app_constants.HELM_NS_ISTIO_SYSTEM):
operator.helm_release_resource_delete(self.HELM_RELEASE)
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
overrides = {
app_constants.HELM_NS_ISTIO_SYSTEM: {}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides

@@ -1,42 +0,0 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.common import exception
from sysinv.helm import base
from k8sapp_istio.common import constants as app_constants
class IstioHelm(base.BaseHelm):
"""Class to encapsulate helm operations for the istio chart"""
SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
[app_constants.HELM_NS_ISTIO_SYSTEM]
SUPPORTED_APP_NAMESPACES = {
app_constants.HELM_APP_ISTIO:
base.BaseHelm.SUPPORTED_NAMESPACES +
[app_constants.HELM_NS_ISTIO_SYSTEM]
}
CHART = app_constants.HELM_CHART_ISTIO_OPERATOR
SERVICE_NAME = app_constants.HELM_APP_ISTIO
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
overrides = {
app_constants.HELM_NS_ISTIO_SYSTEM: {}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides

@@ -0,0 +1,74 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.common import exception
from sysinv.helm import base
from k8sapp_istio.common import constants as app_constants
class IstioPilotHelm(base.FluxCDBaseHelm):
"""Class to encapsulate helm operations for the istio-pilot chart"""
SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
[app_constants.HELM_NS_ISTIO_SYSTEM]
SUPPORTED_APP_NAMESPACES = {
app_constants.HELM_APP_ISTIO:
base.BaseHelm.SUPPORTED_NAMESPACES +
[app_constants.HELM_NS_ISTIO_SYSTEM]
}
CHART = app_constants.HELM_CHART_ISTIO_PILOT
SERVICE_NAME = app_constants.HELM_APP_ISTIO
HELM_RELEASE = app_constants.HELM_CHART_ISTIO_PILOT
def _is_enabled(self, app_name, chart_name, namespace):
"""
Check if the chart is enable at a system level
:param app_name: Application name
:param chart_name: Chart supplied with the application
:param namespace: Namespace where the chart will be executed
Returns true by default if an exception occurs as most charts are
enabled.
"""
return super(IstioPilotHelm, self)._is_enabled(
app_name, chart_name, namespace)
def execute_kustomize_updates(self, operator):
"""
Update the elements of FluxCD kustomize manifests.
This allows a helm chart plugin to use the FluxCDKustomizeOperator to
make dynamic structural changes to the application manifest based on the
current conditions in the platform
Changes currenty include updates to the top level kustomize manifest to
disable helm releases.
:param operator: an instance of the FluxCDKustomizeOperator
"""
if not self._is_enabled(operator.APP, self.CHART,
app_constants.HELM_NS_ISTIO_SYSTEM):
operator.helm_release_resource_delete(self.HELM_RELEASE)
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
overrides = {
app_constants.HELM_NS_ISTIO_SYSTEM: {}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides

@@ -1,5 +1,5 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@@ -10,7 +10,7 @@ from sysinv.helm import base
from k8sapp_istio.common import constants as app_constants
class KialiHelm(base.BaseHelm):
class KialiHelm(base.FluxCDBaseHelm):
"""Class to encapsulate helm operations for the Kiali chart"""
SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
@@ -24,6 +24,38 @@ class KialiHelm(base.BaseHelm):
CHART = app_constants.HELM_CHART_KIALI_SERVER
SERVICE_NAME = app_constants.HELM_APP_ISTIO
HELM_RELEASE = app_constants.HELM_CHART_KIALI_SERVER
def _is_enabled(self, app_name, chart_name, namespace):
"""
Check if the chart is enable at a system level
:param app_name: Application name
:param chart_name: Chart supplied with the application
:param namespace: Namespace where the chart will be executed
Returns true by default if an exception occurs as most charts are
enabled.
"""
return super(KialiHelm, self)._is_enabled(
app_name, chart_name, namespace)
def execute_kustomize_updates(self, operator):
"""
Update the elements of FluxCD kustomize manifests.
This allows a helm chart plugin to use the FluxCDKustomizeOperator to
make dynamic structural changes to the application manifest based on the
current conditions in the platform
Changes currenty include updates to the top level kustomize manifest to
disable helm releases.
:param operator: an instance of the FluxCDKustomizeOperator
"""
if not self._is_enabled(operator.APP, self.CHART,
app_constants.HELM_NS_ISTIO_SYSTEM):
operator.helm_release_resource_delete(self.HELM_RELEASE)
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES

@@ -0,0 +1,19 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import yaml
class quoted_str(str):
pass
# force strings to be single-quoted to avoid interpretation as numeric values
def quoted_presenter(dumper, data):
return dumper.represent_scalar(u'tag:yaml.org,2002:str', data, style="'")
yaml.add_representer(quoted_str, quoted_presenter)
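
Review bot: `yaml.add_representer(quoted_str, quoted_presenter)` is called without a `Dumper` argument, so the representer is registered on the default `yaml.Dumper` only. A caller that serialises a `quoted_str` with `yaml.safe_dump` will not get single-quoted output and will instead fail to represent the subclass; if the overrides are written with the safe dumper, register with `Dumper=yaml.SafeDumper` as well. The class name would also read better as `QuotedStr`, and the `u''` prefix is redundant in Python 3.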

@@ -0,0 +1,27 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
""" System inventory Kustomization resource operator."""
from k8sapp_istio.common import constants as app_constants
from sysinv.helm import kustomize_base as base
class IstioFluxCDKustomizeOperator(base.FluxCDKustomizeOperator):
APP = app_constants.HELM_APP_ISTIO
def platform_mode_kustomize_updates(self, dbapi, mode):
""" Update the top-level kustomization resource list
Make changes to the top-level kustomization resource list based on the
platform mode
:param dbapi: DB api object
:param mode: mode to control when to update the resource list
"""
pass

@@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2023 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@@ -39,21 +39,18 @@ class IstioAppLifecycleOperator(base.AppLifecycleOperator):
if hook_info.relative_timing == LifecycleConstants.APP_LIFECYCLE_TIMING_POST:
return self.post_apply(app_op, app, hook_info)
if hook_info.lifecycle_type == LifecycleConstants.APP_LIFECYCLE_TYPE_OPERATION:
if hook_info.operation == constants.APP_REMOVE_OP:
if hook_info.lifecycle_type == LifecycleConstants.APP_LIFECYCLE_TYPE_RESOURCE:
if hook_info.operation == constants.APP_UPDATE_OP:
if hook_info.relative_timing == LifecycleConstants.APP_LIFECYCLE_TIMING_PRE:
return self.pre_remove(app)
if hook_info.lifecycle_type == LifecycleConstants.APP_LIFECYCLE_TYPE_OPERATION:
if hook_info.operation == constants.APP_REMOVE_OP:
if hook_info.relative_timing == LifecycleConstants.APP_LIFECYCLE_TIMING_POST:
return self.post_remove(app)
return self.pre_update(app)
super(IstioAppLifecycleOperator, self).app_lifecycle_actions(
context, conductor_obj, app_op, app, hook_info
)
def post_apply(self, app_op, app, hook_info):
LOG.info(
"Application apply is being called for {} app".format(app_constants.HELM_APP_ISTIO))
if LifecycleConstants.EXTRA not in hook_info:
raise exception.LifecycleMissingInfo("Missing {}".format(LifecycleConstants.EXTRA))
if LifecycleConstants.RETURN_CODE not in hook_info[LifecycleConstants.EXTRA]:
@@ -109,44 +106,42 @@ class IstioAppLifecycleOperator(base.AppLifecycleOperator):
if old_namespace_label != namespace_label:
self._delete_istio_pods(app_op, client_core)
def pre_remove(self, app):
LOG.debug(
"Executing pre_remove for {} app".format(app_constants.HELM_APP_ISTIO)
def pre_update(self, app):
LOG.info(
"Executing pre_update for {} app".format(app_constants.HELM_APP_ISTIO)
)
# Delete istio-operator.yaml if it exists
# Scenario of Istio App Update:-
# v1 - Istio Operator exists in the fluxcd manifests
# v2 - Istio Operator is deprecated and not needed anymore
# App is updated from v1 to v2, Old istio-operator.yaml is not needed
# This takes care of Kubernetes deployment of Istio Operator
# Old Manifests files removal is handled in sysinv, conductor/kube_app.py
yfile = os.path.join(app.sync_fluxcd_manifest, 'istio-operator/istio-operator.yaml')
if os.path.exists(yfile):
cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
'delete', '-f', yfile]
'delete', '-f', yfile, "--request-timeout=30s"]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
# Comment out istio-operator.yaml in the kustomization.yaml
LOG.info("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
# Comment out istio-operator.yaml in the kustomization.yaml if it exists
kust_file = os.path.join(app.sync_fluxcd_manifest, 'istio-operator/kustomization.yaml')
cmd = ['sed', '-i', '/istio-operator.yaml/s/^/#/g', kust_file]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
def post_remove(self, app):
LOG.debug(
"Executing post_remove for {} app".format(app_constants.HELM_APP_ISTIO)
)
# Uncomment istio-operator.yaml in the kustomization.yaml
kust_file = os.path.join(app.sync_fluxcd_manifest, 'istio-operator/kustomization.yaml')
cmd = ['sed', '-i', '/istio-operator.yaml/s/^#//g', kust_file]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug("{} app: post_remove cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
if os.path.exists(kust_file):
cmd = ['sed', '-i', '/istio-operator.yaml/s/^/#/g', kust_file]
stdout, stderr = cutils.trycmd(*cmd)
LOG.info("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
self.remove_finalizers_crd()
def _get_helm_user_overrides(self, dbapi_instance, db_app_id):
try:
overrides = dbapi_instance.helm_override_get(
app_id=db_app_id,
name=app_constants.HELM_CHART_ISTIO_OPERATOR,
name=app_constants.HELM_CHART_ISTIO_BASE,
namespace=app_constants.HELM_NS_ISTIO_SYSTEM,
)
except exception.HelmOverrideNotFound:
values = {
"name": app_constants.HELM_CHART_ISTIO_OPERATOR,
"namespace": app_constants.HELM_NS_ISTIO_OPERATOR,
"name": app_constants.HELM_CHART_ISTIO_BASE,
"namespace": app_constants.HELM_NS_ISTIO_SYSTEM,
"db_app_id": db_app_id,
}
overrides = dbapi_instance.helm_override_create(values=values)
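
Review bot: in `pre_update`, the result of the `kubectl ... delete -f yfile` call is only logged; the `stderr` returned by `cutils.trycmd` is never tested, so a failed or timed-out delete (the new `--request-timeout=30s`) is followed by the `sed` edit and `self.remove_finalizers_crd()` as if it had succeeded. Test `stderr` and stop or retry so the update does not continue with the operator resources in an unknown state. Separately, `_get_helm_user_overrides` now looks up `HELM_CHART_ISTIO_BASE`; nothing in this hunk reads or migrates user overrides stored under `HELM_CHART_ISTIO_OPERATOR` before the update, which deserves a line in the commit message.
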
@@ -163,3 +158,43 @@ class IstioAppLifecycleOperator(base.AppLifecycleOperator):
namespace=app_constants.HELM_NS_ISTIO_SYSTEM,
grace_periods_seconds=0
)
def remove_finalizers_crd(self):
""" Remove finalizers from CustomResourceDefinitions (CRDs)
This function removes finalizers from istio-operator CRD
Needed in case of Application update from N to N+1 where
N is dependent on istio-operator and
N+1 is not dependent on istio-operator.
This is needed to avoid the istio-operator CRD being stuck in
terminating state.
"""
# Get crd of istiooperator.install.istio.io example-istiocontrolplane
cmd_crds = ["kubectl", "--kubeconfig", kubernetes.KUBERNETES_ADMIN_CONF, "get", "crd",
"-o=jsonpath='{.items[?(@.spec.group==\"install.istio.io\")].metadata.name}'"]
stdout, stderr = cutils.trycmd(*cmd_crds)
if not stderr:
LOG.info("Removing finalizer from istio-system CRD {}".format(stdout))
crds = stdout.replace("'", "").strip().split(" ")
for crd_name in crds:
# Get custom resources based on each istio-system CRD
cmd_instances = ["kubectl", "--kubeconfig", kubernetes.KUBERNETES_ADMIN_CONF,
"get", "-n", "istio-system", crd_name,
"-o", "name", "--request-timeout=10s"]
stdout, stderr = cutils.trycmd(*cmd_instances)
crd_instances = stdout.strip().split("\n")
if not stderr and crd_instances:
for crd_instance in crd_instances:
if crd_instance:
# Patch each custom resource to remove finalizers
patch_cmd = ["kubectl",
"--kubeconfig", kubernetes.KUBERNETES_ADMIN_CONF,
"patch", "-n", "istio-system", crd_instance,
"--type=json",
"-p", '[{"op": "remove", "path": "/metadata/finalizers"}]',
"--request-timeout=10s"]
stdout, stderr = cutils.trycmd(*patch_cmd)
LOG.debug(f"{crd_instance} \n stdout: {stdout} \n stderr: {stderr}")
else:
LOG.error("Error removing finalizers: {stderr}")
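
Review bot: the final `LOG.error("Error removing finalizers: {stderr}")` in `remove_finalizers_crd` has no `f` prefix, so the log shows the literal text `{stderr}` instead of the kubectl error. Two further points in the same function: when the jsonpath query matches nothing, `stdout.replace("'", "").strip().split(" ")` yields `['']` and the loop runs `kubectl get` with an empty resource name, so skip empty entries; and the JSON patch removes `/metadata/finalizers` from every custom resource of every `install.istio.io` CRD found in `istio-system`, which bypasses whatever cleanup those finalizers guard. The comment names only `istiooperator.install.istio.io`; limit the loop to that resource and state in the docstring that the operator deployment is already deleted when this runs.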

@@ -33,8 +33,15 @@ systemconfig.helm_applications =
istio = systemconfig.helm_plugins.istio
systemconfig.helm_plugins.istio =
001_istio-operator = k8sapp_istio.helm.istio_operator:IstioHelm
002_kiali-server = k8sapp_istio.helm.kiali_server:KialiHelm
001_base = k8sapp_istio.helm.istio_base:IstioBaseHelm
002_cni = k8sapp_istio.helm.istio_cni:IstioCniHelm
003_istiod = k8sapp_istio.helm.istio_pilot:IstioPilotHelm
004_istio-ingress = k8sapp_istio.helm.istio_ingressgateway:IstioIngressGatewayHelm
005_istio-egress = k8sapp_istio.helm.istio_egressgateway:IstioEgressGatewayHelm
006_kiali-server = k8sapp_istio.helm.kiali_server:KialiHelm
systemconfig.fluxcd.kustomize_ops =
istio = k8sapp_istio.kustomize.kustomize_istio:IstioFluxCDKustomizeOperator
systemconfig.app_lifecycle =
istio = k8sapp_istio.lifecycle.lifecycle_istio:IstioAppLifecycleOperator

@@ -39,7 +39,7 @@ setenv = VIRTUAL_ENV={envdir}
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
-e{[tox]stxdir}/config/sysinv/sysinv/sysinv
{[tox]stxdir}/config/sysinv/sysinv/sysinv
-e{[tox]stxdir}/config/tsconfig/tsconfig
-e{[tox]stxdir}/fault/fm-api/source
-e{[tox]stxdir}/fault/python-fmclient/fmclient
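
Review bot: the sysinv dependency moves from the editable `-e{[tox]stxdir}/config/sysinv/sysinv/sysinv` to a non-editable install while tsconfig, fm-api and fmclient stay editable, and the commit message gives no reason for it. State the reason in the message or in a comment next to the line, or move the change to its own commit if it is unrelated to the operator removal.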

@@ -3,7 +3,11 @@ Section: libs
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13),
istio-helm,
istio-base-helm,
istio-cni-helm,
istio-pilot-helm,
istio-ingressgateway-helm,
istio-egressgateway-helm,
kiali-helm,
python3-k8sapp-istio-wheels,
build-info

@@ -1,5 +1,5 @@
#
# Copyright (c) 2024 Wind River Systems, Inc.
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@@ -7,14 +7,14 @@
apiVersion: "helm.toolkit.fluxcd.io/v2"
kind: HelmRelease
metadata:
name: istio-operator
name: base
labels:
chart_group: istio-charts
spec:
releaseName: istio-istio-operator
releaseName: istio-istio-base
chart:
spec:
chart: istio-operator
chart: base
version: REPLACE_HELM_CHART_VERSION
sourceRef:
kind: HelmRepository
@@ -25,12 +25,14 @@ spec:
enable: false
install:
disableHooks: false
crds: Create
upgrade:
disableHooks: false
crds: CreateReplace
valuesFrom:
- kind: Secret
name: istio-operator-static-overrides
valuesKey: istio-operator-static-overrides.yaml
name: istio-base-static-overrides
valuesKey: istio-base-static-overrides.yaml
- kind: Secret
name: istio-operator-system-overrides
valuesKey: istio-operator-system-overrides.yaml
name: istio-base-system-overrides
valuesKey: istio-base-system-overrides.yaml
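
Review bot: `upgrade.crds: CreateReplace` makes every upgrade of the `base` release overwrite the Istio CRDs already present in the cluster, a wider effect than the `crds: Create` set under `install`. Add a comment in the manifest stating why replacement is wanted here, so a later reader does not change it to `Create` or `Skip` without knowing that CRD changes would then stop being applied on upgrade.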

@@ -0,0 +1,8 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
app.starlingx.io/component: platform

@@ -0,0 +1,5 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

@@ -0,0 +1,18 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
namespace: istio-system
resources:
- helmrelease.yaml
secretGenerator:
- name: istio-base-static-overrides
files:
- istio-base-static-overrides.yaml
- name: istio-base-system-overrides
files:
- istio-base-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

@@ -0,0 +1,39 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: "helm.toolkit.fluxcd.io/v2"
kind: HelmRelease
metadata:
name: cni
labels:
chart_group: istio-charts
spec:
releaseName: istio-istio-cni
chart:
spec:
chart: cni
version: REPLACE_HELM_CHART_VERSION
sourceRef:
kind: HelmRepository
name: stx-platform
interval: 1m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
dependsOn:
- name: base
namespace: istio-system
valuesFrom:
- kind: Secret
name: istio-cni-static-overrides
valuesKey: istio-cni-static-overrides.yaml
- kind: Secret
name: istio-cni-system-overrides
valuesKey: istio-cni-system-overrides.yaml

@@ -0,0 +1,34 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
app.starlingx.io/component: platform
# cniBinDir: /opt/cni/bin is the default value in the istio-cni chart.
# We override it to /var/opt/cni/bin because istio-pilot expects it there
cni:
chained: false
cniBinDir: /var/opt/cni/bin
cniConfDir: /etc/cni/net.d
cniConfFileName: istio-cni.conf
excludeNamespaces:
- kube-system
- istio-operator
- istio-system
image: registry.local:9001/docker.io/istio/install-cni:1.22.1
k8s:
readinessProbe:
failureThreshold: 30
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
global:
imagePullSecrets:
- default-registry-key
proxy:
image: registry.local:9001/docker.io/istio/proxyv2:1.22.1
proxy_init:
image: registry.local:9001/docker.io/istio/proxyv2:1.22.1
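
Review bot: the `k8s:` / `readinessProbe:` block is carried over from `components.cni.k8s` of the IstioOperator resource this change deletes, and `k8s` is an IstioOperator API field; confirm the `cni` chart reads a key of that name, otherwise these probe settings are silently ignored. If it is read, note that `failureThreshold` goes from 3 in the removed spec to 30 here. `excludeNamespaces` also still lists `istio-operator`, which this change retires.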

@@ -0,0 +1,5 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

@@ -0,0 +1,18 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
namespace: istio-system
resources:
- helmrelease.yaml
secretGenerator:
- name: istio-cni-static-overrides
files:
- istio-cni-static-overrides.yaml
- name: istio-cni-system-overrides
files:
- istio-cni-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

@@ -0,0 +1,39 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: "helm.toolkit.fluxcd.io/v2"
kind: HelmRelease
metadata:
name: istio-egress
labels:
chart_group: istio-charts
spec:
releaseName: istio-istio-egressgateway
chart:
spec:
chart: istio-egress
version: REPLACE_HELM_CHART_VERSION
sourceRef:
kind: HelmRepository
name: stx-platform
interval: 1m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
dependsOn:
- name: istiod
namespace: istio-system
valuesFrom:
- kind: Secret
name: istio-egressgateway-static-overrides
valuesKey: istio-egressgateway-static-overrides.yaml
- kind: Secret
name: istio-egressgateway-system-overrides
valuesKey: istio-egressgateway-system-overrides.yaml

@@ -0,0 +1,23 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
gateways:
istio-egressgateway:
enabled: true
readinessProbe:
failureThreshold: 30
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
global:
imagePullSecrets:
- default-registry-key
proxy:
image: registry.local:9001/docker.io/istio/proxyv2:1.22.1
proxy_init:
image: registry.local:9001/docker.io/istio/proxyv2:1.22.1

@@ -0,0 +1,5 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

@@ -0,0 +1,18 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
namespace: istio-system
resources:
- helmrelease.yaml
secretGenerator:
- name: istio-egressgateway-static-overrides
files:
- istio-egressgateway-static-overrides.yaml
- name: istio-egressgateway-system-overrides
files:
- istio-egressgateway-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

@@ -0,0 +1,39 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: "helm.toolkit.fluxcd.io/v2"
kind: HelmRelease
metadata:
name: istio-ingress
labels:
chart_group: istio-charts
spec:
releaseName: istio-istio-ingressgateway
chart:
spec:
chart: istio-ingress
version: REPLACE_HELM_CHART_VERSION
sourceRef:
kind: HelmRepository
name: stx-platform
interval: 1m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
dependsOn:
- name: istiod
namespace: istio-system
valuesFrom:
- kind: Secret
name: istio-ingressgateway-static-overrides
valuesKey: istio-ingressgateway-static-overrides.yaml
- kind: Secret
name: istio-ingressgateway-system-overrides
valuesKey: istio-ingressgateway-system-overrides.yaml

@@ -0,0 +1,26 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
gateways:
istio-ingressgateway:
enabled: true
# Can be changed to ClusterIP or LoadBalancer if need be using Overrides
# Note: LoadBalancer requires Service IP, StarlingX doesn't set it automatically.
type: NodePort
readinessProbe:
failureThreshold: 30
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
global:
imagePullSecrets:
- default-registry-key
proxy:
image: registry.local:9001/docker.io/istio/proxyv2:1.22.1
proxy_init:
image: registry.local:9001/docker.io/istio/proxyv2:1.22.1
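
Review bot: `type: NodePort` is a new explicit default; the removed IstioOperator spec set no service type for `istio-ingressgateway`. A NodePort service opens the gateway on a port of every node, so state in the commit message whether this changes how the gateway is exposed after an update from the operator-based version, and name in the comment the override an administrator sets to select `ClusterIP`.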

@@ -0,0 +1,5 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

@@ -0,0 +1,18 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
namespace: istio-system
resources:
- helmrelease.yaml
secretGenerator:
- name: istio-ingressgateway-static-overrides
files:
- istio-ingressgateway-static-overrides.yaml
- name: istio-ingressgateway-system-overrides
files:
- istio-ingressgateway-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

@@ -1,53 +0,0 @@
#
# Copyright (c) 2024 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
hub: registry.local:9001/docker.io/istio
tag: 1.22.1
replicaCount: 1
images:
tags:
istio-operator: docker.io/istio/operator:1.22.1
cni: docker.io/istio/install-cni:1.22.1
pilot: docker.io/istio/pilot:1.22.1
proxyv2: docker.io/istio/proxyv2:1.22.1
# ImagePullSecrets for operator ServiceAccount, list of secrets in the same namespace
# used to pull operator image. Must be set for any cluster configured with private docker registry.
imagePullSecrets:
- default-registry-key
# Used to replace istioNamespace to support operator watch multiple namespaces.
watchedNamespaces: istio-system
waitForResourcesTimeout: 300s
# Used for helm2 to add the CRDs to templates.
enableCRDTemplates: false
# revision for the operator resources
revision: ""
# Operator resource defaults
operator:
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
# Node labels for pod assignment
nodeSelector: {}
# Tolerations for pod assignment
tolerations: []
# Affinity for pod assignment
affinity: {}
# Additional labels and annotations to apply on the pod level for monitoring and logging configuration.
podLabels: {}
podAnnotations: {}

@@ -1,6 +0,0 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

@@ -1,69 +0,0 @@
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: example-istiocontrolplane
spec:
profile: demo
components:
cni:
enabled: true
k8s:
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
pilot:
enabled: true
k8s:
readinessProbe:
failureThreshold: 4
initialDelaySeconds: 1
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 5
ingressGateways:
- name: istio-ingressgateway
enabled: true
k8s:
readinessProbe:
failureThreshold: 30
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
egressGateways:
- name: istio-egressgateway
enabled: true
k8s:
readinessProbe:
failureThreshold: 30
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
values:
sidecarInjectorWebhook:
injectedAnnotations:
k8s.v1.cni.cncf.io/networks: istio-cni
cni:
chained: false
cniBinDir: /var/opt/cni/bin
cniConfDir: /etc/cni/net.d
cniConfFileName: istio-cni.conf
excludeNamespaces:
- kube-system
- istio-operator
- istio-system
image: registry.local:9001/docker.io/istio/install-cni:1.22.1
pilot:
image: registry.local:9001/docker.io/istio/pilot:1.22.1
global:
imagePullSecrets:
- default-registry-key
proxy:
image: registry.local:9001/docker.io/istio/proxyv2:1.22.1
proxy_init:
image: registry.local:9001/docker.io/istio/proxyv2:1.22.1

@@ -1,19 +0,0 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
namespace: istio-system
resources:
- helmrelease.yaml
- istio-operator.yaml
secretGenerator:
- name: istio-operator-static-overrides
files:
- istio-operator-static-overrides.yaml
- name: istio-operator-system-overrides
files:
- istio-operator-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

@@ -0,0 +1,39 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: "helm.toolkit.fluxcd.io/v2"
kind: HelmRelease
metadata:
name: istiod
labels:
chart_group: istio-charts
spec:
releaseName: istio-istio-pilot
chart:
spec:
chart: istiod
version: REPLACE_HELM_CHART_VERSION
sourceRef:
kind: HelmRepository
name: stx-platform
interval: 1m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
dependsOn:
- name: cni
namespace: istio-system
valuesFrom:
- kind: Secret
name: istio-pilot-static-overrides
valuesKey: istio-pilot-static-overrides.yaml
- kind: Secret
name: istio-pilot-system-overrides
valuesKey: istio-pilot-system-overrides.yaml

@@ -0,0 +1,29 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
pilot:
enabled: true
image: registry.local:9001/docker.io/istio/pilot:1.22.1
cni:
enabled: true
k8s:
readinessProbe:
failureThreshold: 30
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
sidecarInjectorWebhook:
injectedAnnotations:
k8s.v1.cni.cncf.io/networks: istio-cni
global:
imagePullSecrets:
- default-registry-key
proxy:
image: registry.local:9001/docker.io/istio/proxyv2:1.22.1
proxy_init:
image: registry.local:9001/docker.io/istio/proxyv2:1.22.1
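
Review bot: the `readinessProbe` values here are not the ones the removed IstioOperator spec set for pilot (`failureThreshold: 4`, `periodSeconds: 15`); this file uses 30 and 10, the same numbers as the gateway overrides. If the change is deliberate, say so in a comment above the block; if it came from copying the gateway file, restore the pilot values.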

@@ -0,0 +1,5 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

@@ -0,0 +1,18 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
namespace: istio-system
resources:
- helmrelease.yaml
secretGenerator:
- name: istio-pilot-static-overrides
files:
- istio-pilot-static-overrides.yaml
- name: istio-pilot-system-overrides
files:
- istio-pilot-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

@@ -1,5 +1,5 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@@ -9,5 +9,9 @@ kind: Kustomization
namespace: istio-system
resources:
- base
- istio-operator
- istio-base
- istio-cni
- istio-pilot
- istio-ingressgateway
- istio-egressgateway
- kiali-server