diff --git a/debian_pkg_dirs b/debian_pkg_dirs index 4e5a455..51a5538 100644 --- a/debian_pkg_dirs +++ b/debian_pkg_dirs @@ -1,4 +1,8 @@ -helm-charts/upstream/istio-helm +helm-charts/upstream/istio-base-helm +helm-charts/upstream/istio-cni-helm +helm-charts/upstream/istio-pilot-helm +helm-charts/upstream/istio-ingressgateway-helm +helm-charts/upstream/istio-egressgateway-helm helm-charts/upstream/kiali-helm python3-k8sapp-istio stx-istio-helm diff --git a/helm-charts/upstream/istio-base-helm/debian/deb_folder/changelog b/helm-charts/upstream/istio-base-helm/debian/deb_folder/changelog new file mode 100644 index 0000000..d151d3c --- /dev/null +++ b/helm-charts/upstream/istio-base-helm/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +istio-base-helm (1.22-1) unstable; urgency=medium + + * Initial Release, removing dependency on Istio Operator + + -- Aman Pandae Fri, 04 Jul 2025 06:42:17 +0000 diff --git a/helm-charts/upstream/istio-base-helm/debian/deb_folder/control b/helm-charts/upstream/istio-base-helm/debian/deb_folder/control new file mode 100644 index 0000000..ecf17de --- /dev/null +++ b/helm-charts/upstream/istio-base-helm/debian/deb_folder/control @@ -0,0 +1,15 @@ +Source: istio-base-helm +Section: libs +Priority: optional +Maintainer: StarlingX Developers +Build-Depends: debhelper-compat (= 13), + helm +Standards-Version: 4.5.1 +Homepage: https://www.starlingx.io + +Package: istio-base-helm +Section: libs +Architecture: any +Depends: ${misc:Depends} +Description: StarlingX Istio Base Helm Charts + This package contains helm charts for the istio application. diff --git a/helm-charts/upstream/istio-helm/debian/deb_folder/copyright b/helm-charts/upstream/istio-base-helm/debian/deb_folder/copyright similarity index 93% rename from helm-charts/upstream/istio-helm/debian/deb_folder/copyright rename to helm-charts/upstream/istio-base-helm/debian/deb_folder/copyright index 8c70c0d..dc99b64 100644 --- a/helm-charts/upstream/istio-helm/debian/deb_folder/copyright +++ b/helm-charts/upstream/istio-base-helm/debian/deb_folder/copyright @@ -1,9 +1,9 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: istio-helm +Upstream-Name: istio-base-helm Source: https://opendev.org/starlingx/app-istio/ Files: * -Copyright: (c) 2013-2024 Wind River Systems, Inc +Copyright: (c) 2025 Wind River Systems, Inc License: Apache-2 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -23,7 +23,7 @@ License: Apache-2 # If you want to use GPL v2 or later for the /debian/* files use # the following clauses, or change it to suit. Delete these two lines Files: debian/* -Copyright: 2024 Wind River Systems, Inc +Copyright: 2025 Wind River Systems, Inc License: Apache-2 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/helm-charts/upstream/istio-helm/debian/deb_folder/istio-helm.install b/helm-charts/upstream/istio-base-helm/debian/deb_folder/istio-base-helm.install similarity index 100% rename from helm-charts/upstream/istio-helm/debian/deb_folder/istio-helm.install rename to helm-charts/upstream/istio-base-helm/debian/deb_folder/istio-base-helm.install diff --git a/helm-charts/upstream/istio-base-helm/debian/deb_folder/rules b/helm-charts/upstream/istio-base-helm/debian/deb_folder/rules new file mode 100755 index 0000000..3a04e8b --- /dev/null +++ b/helm-charts/upstream/istio-base-helm/debian/deb_folder/rules @@ -0,0 +1,34 @@ +#!/usr/bin/make -f +# export DH_VERBOSE = 1 + +export ROOT = debian/tmp +export CHART_FOLDER = $(ROOT)/usr/lib/helm + +export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ') +export PATCH_VERSION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.') +export CHART_BASE_VERSION = $(shell echo $(DEB_VERSION) | sed 's/-/./' | cut -d '.' -f 1-3) +export CHART_VERSION = $(CHART_BASE_VERSION)+STX.$(PATCH_VERSION) + +%: + dh $@ + +override_dh_auto_build: + + mkdir -p istio-base + + # Copy istio-base chart and required crds + cp Chart.yaml istio-base + cp values.yaml istio-base + cp -r templates istio-base + cp -r crds istio-base + cp -r files istio-base + + # Create the tar file for the chart + make CHART_VERSION=$(CHART_VERSION) istio-base + +override_dh_auto_install: + # Install the app tar file. + install -d -m 755 $(CHART_FOLDER) + install -p -D -m 755 base*.tgz $(CHART_FOLDER) + +override_dh_auto_test: diff --git a/helm-charts/upstream/istio-helm/debian/deb_folder/source/format b/helm-charts/upstream/istio-base-helm/debian/deb_folder/source/format similarity index 100% rename from helm-charts/upstream/istio-helm/debian/deb_folder/source/format rename to helm-charts/upstream/istio-base-helm/debian/deb_folder/source/format diff --git a/helm-charts/upstream/istio-base-helm/debian/meta_data.yaml b/helm-charts/upstream/istio-base-helm/debian/meta_data.yaml new file mode 100644 index 0000000..80353fb --- /dev/null +++ b/helm-charts/upstream/istio-base-helm/debian/meta_data.yaml @@ -0,0 +1,15 @@ +--- +debname: istio-base-helm +debver: 1.22-1 +dl_path: + name: helm-charts-istio-base-1.22.1.tar.gz + url: https://storage.googleapis.com/istio-release/releases/1.22.1/helm/base-1.22.1.tgz + sha256sum: ca4f2267f3e63b77a5813f40531f67cbda8232ed1406730a876af2b05c97d8b3 +src_files: + - files/Makefile +revision: + dist: $STX_DIST + stx_patch: -1 + GITREVCOUNT: + SRC_DIR: ${MY_REPO}/stx/app-istio/helm-charts/upstream/istio-base-helm + BASE_SRCREV: c475992c932268dcf7fe197c693512190781ff29 diff --git a/helm-charts/upstream/istio-helm/files/Makefile b/helm-charts/upstream/istio-base-helm/files/Makefile similarity index 93% rename from helm-charts/upstream/istio-helm/files/Makefile rename to helm-charts/upstream/istio-base-helm/files/Makefile index bb4edf2..503f81c 100644 --- a/helm-charts/upstream/istio-helm/files/Makefile +++ b/helm-charts/upstream/istio-base-helm/files/Makefile @@ -1,7 +1,7 @@ # # Copyright 2017 The Openstack-Helm Authors. # -# Copyright (c) 2022-2024 Wind River Systems, Inc. +# Copyright (c) 2025 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # diff --git a/helm-charts/upstream/istio-cni-helm/debian/deb_folder/changelog b/helm-charts/upstream/istio-cni-helm/debian/deb_folder/changelog new file mode 100644 index 0000000..a81ab5d --- /dev/null +++ b/helm-charts/upstream/istio-cni-helm/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +istio-cni-helm (1.22-1) unstable; urgency=medium + + * Initial Release, removing dependency on Istio Operator + + -- Aman Pandae Fri, 04 Jul 2025 06:42:17 +0000 diff --git a/helm-charts/upstream/istio-helm/debian/deb_folder/control b/helm-charts/upstream/istio-cni-helm/debian/deb_folder/control similarity index 78% rename from helm-charts/upstream/istio-helm/debian/deb_folder/control rename to helm-charts/upstream/istio-cni-helm/debian/deb_folder/control index d85395d..cd924e0 100644 --- a/helm-charts/upstream/istio-helm/debian/deb_folder/control +++ b/helm-charts/upstream/istio-cni-helm/debian/deb_folder/control @@ -1,4 +1,4 @@ -Source: istio-helm +Source: istio-cni-helm Section: libs Priority: optional Maintainer: StarlingX Developers @@ -7,9 +7,9 @@ Build-Depends: debhelper-compat (= 13), Standards-Version: 4.5.1 Homepage: https://www.starlingx.io -Package: istio-helm +Package: istio-cni-helm Section: libs Architecture: any Depends: ${misc:Depends} -Description: StarlingX Istio Helm Charts +Description: StarlingX Istio CNI Helm Charts This package contains helm charts for the istio application. diff --git a/helm-charts/upstream/istio-cni-helm/debian/deb_folder/copyright b/helm-charts/upstream/istio-cni-helm/debian/deb_folder/copyright new file mode 100644 index 0000000..646e372 --- /dev/null +++ b/helm-charts/upstream/istio-cni-helm/debian/deb_folder/copyright @@ -0,0 +1,41 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: istio-cni-helm +Source: https://opendev.org/starlingx/app-istio/ + +Files: * +Copyright: (c) 2025 Wind River Systems, Inc +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. + +# If you want to use GPL v2 or later for the /debian/* files use +# the following clauses, or change it to suit. Delete these two lines +Files: debian/* +Copyright: 2025 Wind River Systems, Inc +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/helm-charts/upstream/istio-cni-helm/debian/deb_folder/istio-cni-helm.install b/helm-charts/upstream/istio-cni-helm/debian/deb_folder/istio-cni-helm.install new file mode 100644 index 0000000..8a0c6de --- /dev/null +++ b/helm-charts/upstream/istio-cni-helm/debian/deb_folder/istio-cni-helm.install @@ -0,0 +1 @@ +usr/lib/helm/* diff --git a/helm-charts/upstream/istio-helm/debian/deb_folder/rules b/helm-charts/upstream/istio-cni-helm/debian/deb_folder/rules similarity index 70% rename from helm-charts/upstream/istio-helm/debian/deb_folder/rules rename to helm-charts/upstream/istio-cni-helm/debian/deb_folder/rules index 47409e1..ee5f04c 100755 --- a/helm-charts/upstream/istio-helm/debian/deb_folder/rules +++ b/helm-charts/upstream/istio-cni-helm/debian/deb_folder/rules @@ -14,20 +14,23 @@ export CHART_VERSION = $(CHART_BASE_VERSION)+STX.$(PATCH_VERSION) override_dh_auto_build: - mkdir -p istio-operator + mkdir -p istio-cni - #Copy istio-operator chart - cp -r manifests/charts/* istio-operator + #Copy istio-cni chart + cp Chart.yaml istio-cni + cp values.yaml istio-cni + cp -r templates istio-cni + cp -r files istio-cni # Set up chart build files. - cp Makefile istio-operator + cp Makefile istio-cni # Create the TGZ file. - cd istio-operator && make CHART_VERSION=$(CHART_VERSION) istio-operator + make CHART_VERSION=$(CHART_VERSION) istio-cni override_dh_auto_install: # Install the app tar file. install -d -m 755 $(CHART_FOLDER) - install -p -D -m 755 istio-operator/istio-operator*.tgz $(CHART_FOLDER) + install -p -D -m 755 cni*.tgz $(CHART_FOLDER) override_dh_auto_test: diff --git a/helm-charts/upstream/istio-cni-helm/debian/deb_folder/source/format b/helm-charts/upstream/istio-cni-helm/debian/deb_folder/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/helm-charts/upstream/istio-cni-helm/debian/deb_folder/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/helm-charts/upstream/istio-cni-helm/debian/meta_data.yaml b/helm-charts/upstream/istio-cni-helm/debian/meta_data.yaml new file mode 100644 index 0000000..86e2248 --- /dev/null +++ b/helm-charts/upstream/istio-cni-helm/debian/meta_data.yaml @@ -0,0 +1,15 @@ +--- +debname: istio-cni-helm +debver: 1.22-1 +dl_path: + name: helm-charts-istio-cni-1.22.1.tar.gz + url: https://storage.googleapis.com/istio-release/releases/1.22.1/helm/cni-1.22.1.tgz + sha256sum: 459a44c3fc1e97bb82c4cb409e0a7257963043deb3d50fb3ecbcf5a2e652da0b +src_files: + - files/Makefile +revision: + dist: $STX_DIST + stx_patch: -1 + GITREVCOUNT: + SRC_DIR: ${MY_REPO}/stx/app-istio/helm-charts/upstream/istio-cni-helm + BASE_SRCREV: c475992c932268dcf7fe197c693512190781ff29 diff --git a/helm-charts/upstream/istio-cni-helm/files/Makefile b/helm-charts/upstream/istio-cni-helm/files/Makefile new file mode 100644 index 0000000..503f81c --- /dev/null +++ b/helm-charts/upstream/istio-cni-helm/files/Makefile @@ -0,0 +1,41 @@ +# +# Copyright 2017 The Openstack-Helm Authors. +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# It's necessary to set this because some environments don't link sh -> bash. +SHELL := /bin/bash +TASK := build + +EXCLUDES := doc tests tools logs tmp +CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) + +.PHONY: $(EXCLUDES) $(CHARTS) + +all: $(CHARTS) + +$(CHARTS): + @if [ -d $@ ]; then \ + echo; \ + echo "===== Processing [$@] chart ====="; \ + make $(TASK)-$@; \ + fi + +init-%: + if [ -f $*/Makefile ]; then make -C $*; fi + +lint-%: init-% + if [ -d $* ]; then helm lint $*; fi + +build-%: + if [ -d $* ]; then helm package --version $(CHART_VERSION) $*; fi + +clean: + @echo "Clean all build artifacts" + rm -f */templates/_partials.tpl */templates/_globals.tpl + rm -rf */charts */tmpcharts + +%: + @: diff --git a/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/changelog b/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/changelog new file mode 100644 index 0000000..77a3253 --- /dev/null +++ b/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +istio-egressgateway-helm (1.22-1) unstable; urgency=medium + + * Initial Release, removing dependency on Istio Operator + + -- Aman Pandae Fri, 04 Jul 2025 06:42:17 +0000 diff --git a/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/control b/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/control new file mode 100644 index 0000000..1d2e524 --- /dev/null +++ b/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/control @@ -0,0 +1,15 @@ +Source: istio-egressgateway-helm +Section: libs +Priority: optional +Maintainer: StarlingX Developers +Build-Depends: debhelper-compat (= 13), + helm +Standards-Version: 4.5.1 +Homepage: https://www.starlingx.io + +Package: istio-egressgateway-helm +Section: libs +Architecture: any +Depends: ${misc:Depends} +Description: StarlingX Istio egressgateway Helm Charts + This package contains helm charts for the istio application. diff --git a/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/copyright b/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/copyright new file mode 100644 index 0000000..7873ac1 --- /dev/null +++ b/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/copyright @@ -0,0 +1,41 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: istio-egressgateway-helm +Source: https://opendev.org/starlingx/app-istio/ + +Files: * +Copyright: (c) 2025 Wind River Systems, Inc +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. + +# If you want to use GPL v2 or later for the /debian/* files use +# the following clauses, or change it to suit. Delete these two lines +Files: debian/* +Copyright: 2025 Wind River Systems, Inc +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/istio-egressgateway-helm.install b/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/istio-egressgateway-helm.install new file mode 100644 index 0000000..8a0c6de --- /dev/null +++ b/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/istio-egressgateway-helm.install @@ -0,0 +1 @@ +usr/lib/helm/* diff --git a/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/rules b/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/rules new file mode 100755 index 0000000..482247e --- /dev/null +++ b/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/rules @@ -0,0 +1,33 @@ +#!/usr/bin/make -f +# export DH_VERBOSE = 1 + +export ROOT = debian/tmp +export CHART_FOLDER = $(ROOT)/usr/lib/helm + +export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ') +export PATCH_VERSION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.') +export CHART_BASE_VERSION = $(shell echo $(DEB_VERSION) | sed 's/-/./' | cut -d '.' -f 1-3) +export CHART_VERSION = $(CHART_BASE_VERSION)+STX.$(PATCH_VERSION) + +%: + dh $@ + +override_dh_auto_build: + + mkdir -p istio-egressgateway + + # We are picking the istio-egress chart from istio repository. + # Other plugins directly have their own tgz to pull + # istio-egress and ingress don't have it. + # For more clarity look at meta_data.yaml + cp -r manifests/charts/gateways/istio-egress/* istio-egressgateway + + # Create the TGZ file. + make CHART_VERSION=$(CHART_VERSION) istio-egressgateway + +override_dh_auto_install: + # Install the app tar file. + install -d -m 755 $(CHART_FOLDER) + install -p -D -m 755 istio-egress*.tgz $(CHART_FOLDER) + +override_dh_auto_test: diff --git a/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/source/format b/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/helm-charts/upstream/istio-egressgateway-helm/debian/deb_folder/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/helm-charts/upstream/istio-helm/debian/meta_data.yaml b/helm-charts/upstream/istio-egressgateway-helm/debian/meta_data.yaml similarity index 66% rename from helm-charts/upstream/istio-helm/debian/meta_data.yaml rename to helm-charts/upstream/istio-egressgateway-helm/debian/meta_data.yaml index fee274e..09ceedf 100644 --- a/helm-charts/upstream/istio-helm/debian/meta_data.yaml +++ b/helm-charts/upstream/istio-egressgateway-helm/debian/meta_data.yaml @@ -1,8 +1,8 @@ --- -debname: istio-helm +debname: istio-egressgateway-helm debver: 1.22-1 dl_path: - name: helm-charts-istio-1.22.1.tar.gz + name: helm-charts-istio-egressgateway-1.22.1.tar.gz url: https://github.com/istio/istio/archive/refs/tags/1.22.1.tar.gz sha256sum: 053e121a56aac7a75fbbfcab3332efe1b1577385b7b2e17f94d857f6bacbee29 src_files: @@ -11,5 +11,5 @@ revision: dist: $STX_DIST stx_patch: -1 GITREVCOUNT: - SRC_DIR: ${MY_REPO}/stx/app-istio/helm-charts/upstream/istio-helm - BASE_SRCREV: 245357e2ff1271c5451b6b369fb7dc894a04f962 + SRC_DIR: ${MY_REPO}/stx/app-istio/helm-charts/upstream/istio-egressgateway-helm + BASE_SRCREV: c475992c932268dcf7fe197c693512190781ff29 diff --git a/helm-charts/upstream/istio-egressgateway-helm/files/Makefile b/helm-charts/upstream/istio-egressgateway-helm/files/Makefile new file mode 100644 index 0000000..503f81c --- /dev/null +++ b/helm-charts/upstream/istio-egressgateway-helm/files/Makefile @@ -0,0 +1,41 @@ +# +# Copyright 2017 The Openstack-Helm Authors. +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# It's necessary to set this because some environments don't link sh -> bash. +SHELL := /bin/bash +TASK := build + +EXCLUDES := doc tests tools logs tmp +CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) + +.PHONY: $(EXCLUDES) $(CHARTS) + +all: $(CHARTS) + +$(CHARTS): + @if [ -d $@ ]; then \ + echo; \ + echo "===== Processing [$@] chart ====="; \ + make $(TASK)-$@; \ + fi + +init-%: + if [ -f $*/Makefile ]; then make -C $*; fi + +lint-%: init-% + if [ -d $* ]; then helm lint $*; fi + +build-%: + if [ -d $* ]; then helm package --version $(CHART_VERSION) $*; fi + +clean: + @echo "Clean all build artifacts" + rm -f */templates/_partials.tpl */templates/_globals.tpl + rm -rf */charts */tmpcharts + +%: + @: diff --git a/helm-charts/upstream/istio-helm/debian/deb_folder/changelog b/helm-charts/upstream/istio-helm/debian/deb_folder/changelog deleted file mode 100644 index 4790c9c..0000000 --- a/helm-charts/upstream/istio-helm/debian/deb_folder/changelog +++ /dev/null @@ -1,11 +0,0 @@ -istio-helm (1.22-1) unstable; urgency=medium - - * Update istio chart version - - -- Sirin Shaikh Thu, 20 Jun 2024 09:17:09 +0000 - -istio-helm (1.19-4) unstable; urgency=medium - - * Auto-increment chart version - - -- Aman Pandae Thu, 2 May 2024 07:00:00 +0000 diff --git a/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/changelog b/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/changelog new file mode 100644 index 0000000..ca5ea50 --- /dev/null +++ b/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +istio-ingressgateway-helm (1.22-1) unstable; urgency=medium + + * Initial Release, removing dependency on Istio Operator + + -- Aman Pandae Fri, 04 Jul 2025 06:42:17 +0000 diff --git a/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/control b/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/control new file mode 100644 index 0000000..6009c04 --- /dev/null +++ b/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/control @@ -0,0 +1,15 @@ +Source: istio-ingressgateway-helm +Section: libs +Priority: optional +Maintainer: StarlingX Developers +Build-Depends: debhelper-compat (= 13), + helm +Standards-Version: 4.5.1 +Homepage: https://www.starlingx.io + +Package: istio-ingressgateway-helm +Section: libs +Architecture: any +Depends: ${misc:Depends} +Description: StarlingX Istio ingressgateway Helm Charts + This package contains helm charts for the istio application. diff --git a/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/copyright b/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/copyright new file mode 100644 index 0000000..7873ac1 --- /dev/null +++ b/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/copyright @@ -0,0 +1,41 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: istio-egressgateway-helm +Source: https://opendev.org/starlingx/app-istio/ + +Files: * +Copyright: (c) 2025 Wind River Systems, Inc +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. + +# If you want to use GPL v2 or later for the /debian/* files use +# the following clauses, or change it to suit. Delete these two lines +Files: debian/* +Copyright: 2025 Wind River Systems, Inc +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/istio-ingressgateway-helm.install b/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/istio-ingressgateway-helm.install new file mode 100644 index 0000000..8a0c6de --- /dev/null +++ b/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/istio-ingressgateway-helm.install @@ -0,0 +1 @@ +usr/lib/helm/* diff --git a/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/rules b/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/rules new file mode 100755 index 0000000..47fb081 --- /dev/null +++ b/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/rules @@ -0,0 +1,33 @@ +#!/usr/bin/make -f +# export DH_VERBOSE = 1 + +export ROOT = debian/tmp +export CHART_FOLDER = $(ROOT)/usr/lib/helm + +export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ') +export PATCH_VERSION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.') +export CHART_BASE_VERSION = $(shell echo $(DEB_VERSION) | sed 's/-/./' | cut -d '.' -f 1-3) +export CHART_VERSION = $(CHART_BASE_VERSION)+STX.$(PATCH_VERSION) + +%: + dh $@ + +override_dh_auto_build: + + mkdir -p istio-ingressgateway + + # We are picking the istio-ingress chart from istio repository. + # Other plugins directly have their own tgz to pull + # istio-ingress and egress don't have it + # For more clarity look at meta_data.yaml + cp -r manifests/charts/gateways/istio-ingress/* istio-ingressgateway + + # Create the TGZ file. + make CHART_VERSION=$(CHART_VERSION) istio-ingressgateway + +override_dh_auto_install: + # Install the app tar file. + install -d -m 755 $(CHART_FOLDER) + install -p -D -m 755 istio-ingress*.tgz $(CHART_FOLDER) + +override_dh_auto_test: diff --git a/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/source/format b/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/helm-charts/upstream/istio-ingressgateway-helm/debian/deb_folder/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/helm-charts/upstream/istio-ingressgateway-helm/debian/meta_data.yaml b/helm-charts/upstream/istio-ingressgateway-helm/debian/meta_data.yaml new file mode 100644 index 0000000..8709b9f --- /dev/null +++ b/helm-charts/upstream/istio-ingressgateway-helm/debian/meta_data.yaml @@ -0,0 +1,15 @@ +--- +debname: istio-ingressgateway-helm +debver: 1.22-1 +dl_path: + name: helm-charts-istio-ingressgateway-1.22.1.tar.gz + url: https://github.com/istio/istio/archive/refs/tags/1.22.1.tar.gz + sha256sum: 053e121a56aac7a75fbbfcab3332efe1b1577385b7b2e17f94d857f6bacbee29 +src_files: + - files/Makefile +revision: + dist: $STX_DIST + stx_patch: -1 + GITREVCOUNT: + SRC_DIR: ${MY_REPO}/stx/app-istio/helm-charts/upstream/istio-ingressgateway-helm + BASE_SRCREV: c475992c932268dcf7fe197c693512190781ff29 diff --git a/helm-charts/upstream/istio-ingressgateway-helm/files/Makefile b/helm-charts/upstream/istio-ingressgateway-helm/files/Makefile new file mode 100644 index 0000000..503f81c --- /dev/null +++ b/helm-charts/upstream/istio-ingressgateway-helm/files/Makefile @@ -0,0 +1,41 @@ +# +# Copyright 2017 The Openstack-Helm Authors. +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# It's necessary to set this because some environments don't link sh -> bash. +SHELL := /bin/bash +TASK := build + +EXCLUDES := doc tests tools logs tmp +CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) + +.PHONY: $(EXCLUDES) $(CHARTS) + +all: $(CHARTS) + +$(CHARTS): + @if [ -d $@ ]; then \ + echo; \ + echo "===== Processing [$@] chart ====="; \ + make $(TASK)-$@; \ + fi + +init-%: + if [ -f $*/Makefile ]; then make -C $*; fi + +lint-%: init-% + if [ -d $* ]; then helm lint $*; fi + +build-%: + if [ -d $* ]; then helm package --version $(CHART_VERSION) $*; fi + +clean: + @echo "Clean all build artifacts" + rm -f */templates/_partials.tpl */templates/_globals.tpl + rm -rf */charts */tmpcharts + +%: + @: diff --git a/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/changelog b/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/changelog new file mode 100644 index 0000000..ffd04f6 --- /dev/null +++ b/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +istio-pilot-helm (1.22-1) unstable; urgency=medium + + * Initial Release, removing dependency on Istio Operator + + -- Aman Pandae Fri, 04 Jul 2025 06:42:17 +0000 diff --git a/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/control b/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/control new file mode 100644 index 0000000..a7bc9aa --- /dev/null +++ b/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/control @@ -0,0 +1,15 @@ +Source: istio-pilot-helm +Section: libs +Priority: optional +Maintainer: StarlingX Developers +Build-Depends: debhelper-compat (= 13), + helm +Standards-Version: 4.5.1 +Homepage: https://www.starlingx.io + +Package: istio-pilot-helm +Section: libs +Architecture: any +Depends: ${misc:Depends} +Description: StarlingX Istio Pilot Helm Charts + This package contains helm charts for the istio application. diff --git a/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/copyright b/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/copyright new file mode 100644 index 0000000..c19cd7e --- /dev/null +++ b/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/copyright @@ -0,0 +1,41 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: istio-pilot-helm +Source: https://opendev.org/starlingx/app-istio/ + +Files: * +Copyright: (c) 2025 Wind River Systems, Inc +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. + +# If you want to use GPL v2 or later for the /debian/* files use +# the following clauses, or change it to suit. Delete these two lines +Files: debian/* +Copyright: 2025 Wind River Systems, Inc +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/istio-pilot-helm.install b/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/istio-pilot-helm.install new file mode 100644 index 0000000..8a0c6de --- /dev/null +++ b/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/istio-pilot-helm.install @@ -0,0 +1 @@ +usr/lib/helm/* diff --git a/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/rules b/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/rules new file mode 100755 index 0000000..44641c6 --- /dev/null +++ b/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/rules @@ -0,0 +1,33 @@ +#!/usr/bin/make -f +# export DH_VERBOSE = 1 + +export ROOT = debian/tmp +export CHART_FOLDER = $(ROOT)/usr/lib/helm + +export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ') +export PATCH_VERSION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.') +export CHART_BASE_VERSION = $(shell echo $(DEB_VERSION) | sed 's/-/./' | cut -d '.' -f 1-3) +export CHART_VERSION = $(CHART_BASE_VERSION)+STX.$(PATCH_VERSION) + +%: + dh $@ + +override_dh_auto_build: + + mkdir -p istio-pilot + + #Copy istio-pilot chart + cp Chart.yaml istio-pilot + cp values.yaml istio-pilot + cp -r templates istio-pilot + cp -r files istio-pilot + + # Create the TGZ file. + make CHART_VERSION=$(CHART_VERSION) istio-pilot + +override_dh_auto_install: + # Install the app tar file. + install -d -m 755 $(CHART_FOLDER) + install -p -D -m 755 istiod*.tgz $(CHART_FOLDER) + +override_dh_auto_test: diff --git a/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/source/format b/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/helm-charts/upstream/istio-pilot-helm/debian/deb_folder/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/helm-charts/upstream/istio-pilot-helm/debian/meta_data.yaml b/helm-charts/upstream/istio-pilot-helm/debian/meta_data.yaml new file mode 100644 index 0000000..1993a56 --- /dev/null +++ b/helm-charts/upstream/istio-pilot-helm/debian/meta_data.yaml @@ -0,0 +1,15 @@ +--- +debname: istio-pilot-helm +debver: 1.22-1 +dl_path: + name: helm-charts-istio-pilot-1.22.1.tar.gz + url: https://storage.googleapis.com/istio-release/releases/1.22.1/helm/istiod-1.22.1.tgz + sha256sum: 171356f34144995ca913a0f07f4f86dd54026fca6236164cb92b56361a77ce49 +src_files: + - files/Makefile +revision: + dist: $STX_DIST + stx_patch: -1 + GITREVCOUNT: + SRC_DIR: ${MY_REPO}/stx/app-istio/helm-charts/upstream/istio-pilot-helm + BASE_SRCREV: c475992c932268dcf7fe197c693512190781ff29 diff --git a/helm-charts/upstream/istio-pilot-helm/files/Makefile b/helm-charts/upstream/istio-pilot-helm/files/Makefile new file mode 100644 index 0000000..503f81c --- /dev/null +++ b/helm-charts/upstream/istio-pilot-helm/files/Makefile @@ -0,0 +1,41 @@ +# +# Copyright 2017 The Openstack-Helm Authors. +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# It's necessary to set this because some environments don't link sh -> bash. +SHELL := /bin/bash +TASK := build + +EXCLUDES := doc tests tools logs tmp +CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) + +.PHONY: $(EXCLUDES) $(CHARTS) + +all: $(CHARTS) + +$(CHARTS): + @if [ -d $@ ]; then \ + echo; \ + echo "===== Processing [$@] chart ====="; \ + make $(TASK)-$@; \ + fi + +init-%: + if [ -f $*/Makefile ]; then make -C $*; fi + +lint-%: init-% + if [ -d $* ]; then helm lint $*; fi + +build-%: + if [ -d $* ]; then helm package --version $(CHART_VERSION) $*; fi + +clean: + @echo "Clean all build artifacts" + rm -f */templates/_partials.tpl */templates/_globals.tpl + rm -rf */charts */tmpcharts + +%: + @: diff --git a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/common/constants.py b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/common/constants.py index fa5d241..7d7e355 100644 --- a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/common/constants.py +++ b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/common/constants.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2022-2023 Wind River Systems, Inc. +# Copyright (c) 2022-2025 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -8,12 +8,17 @@ HELM_APP_ISTIO = 'istio' # Namespace to deploy the application -HELM_NS_ISTIO_OPERATOR = 'istio-operator' HELM_NS_ISTIO_SYSTEM = 'istio-system' # Helm: Supported charts: # These values match the names in the chart package's Chart.yaml -HELM_CHART_ISTIO_OPERATOR = 'istio-operator' + +HELM_CHART_ISTIO_BASE = 'base' +HELM_CHART_ISTIO_CNI = 'cni' +HELM_CHART_ISTIO_PILOT = 'istiod' +HELM_CHART_ISTIO_GATEWAYS = 'gateways' +HELM_CHART_ISTIO_INGRESSGATEWAY = 'istio-ingress' +HELM_CHART_ISTIO_EGRESSGATEWAY = 'istio-egress' HELM_CHART_KIALI_SERVER = 'kiali-server' HELM_COMPONENT_LABEL_ISTIO = 'app.starlingx.io/component' diff --git a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_base.py b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_base.py new file mode 100644 index 0000000..4e4c139 --- /dev/null +++ b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_base.py @@ -0,0 +1,74 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from sysinv.common import exception +from sysinv.helm import base + +from k8sapp_istio.common import constants as app_constants + + +class IstioBaseHelm(base.FluxCDBaseHelm): + """Class to encapsulate helm operations for the istio-base chart""" + + SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \ + [app_constants.HELM_NS_ISTIO_SYSTEM] + SUPPORTED_APP_NAMESPACES = { + app_constants.HELM_APP_ISTIO: + base.BaseHelm.SUPPORTED_NAMESPACES + + [app_constants.HELM_NS_ISTIO_SYSTEM] + } + + CHART = app_constants.HELM_CHART_ISTIO_BASE + + SERVICE_NAME = app_constants.HELM_APP_ISTIO + HELM_RELEASE = app_constants.HELM_CHART_ISTIO_BASE + + def _is_enabled(self, app_name, chart_name, namespace): + """ + Check if the chart is enable at a system level + + :param app_name: Application name + :param chart_name: Chart supplied with the application + :param namespace: Namespace where the chart will be executed + + Returns true by default if an exception occurs as most charts are + enabled. + """ + return super(IstioBaseHelm, self)._is_enabled( + app_name, chart_name, namespace) + + def execute_kustomize_updates(self, operator): + """ + Update the elements of FluxCD kustomize manifests. + + This allows a helm chart plugin to use the FluxCDKustomizeOperator to + make dynamic structural changes to the application manifest based on the + current conditions in the platform + + Changes currenty include updates to the top level kustomize manifest to + disable helm releases. + + :param operator: an instance of the FluxCDKustomizeOperator + """ + if not self._is_enabled(operator.APP, self.CHART, + app_constants.HELM_NS_ISTIO_SYSTEM): + operator.helm_release_resource_delete(self.HELM_RELEASE) + + def get_namespaces(self): + return self.SUPPORTED_NAMESPACES + + def get_overrides(self, namespace=None): + overrides = { + app_constants.HELM_NS_ISTIO_SYSTEM: {} + } + + if namespace in self.SUPPORTED_NAMESPACES: + return overrides[namespace] + elif namespace: + raise exception.InvalidHelmNamespace(chart=self.CHART, + namespace=namespace) + else: + return overrides diff --git a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_cni.py b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_cni.py new file mode 100644 index 0000000..1b06a37 --- /dev/null +++ b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_cni.py @@ -0,0 +1,74 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from sysinv.common import exception +from sysinv.helm import base + +from k8sapp_istio.common import constants as app_constants + + +class IstioCniHelm(base.FluxCDBaseHelm): + """Class to encapsulate helm operations for the istio-cni chart""" + + SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \ + [app_constants.HELM_NS_ISTIO_SYSTEM] + SUPPORTED_APP_NAMESPACES = { + app_constants.HELM_APP_ISTIO: + base.BaseHelm.SUPPORTED_NAMESPACES + + [app_constants.HELM_NS_ISTIO_SYSTEM] + } + + CHART = app_constants.HELM_CHART_ISTIO_CNI + + SERVICE_NAME = app_constants.HELM_APP_ISTIO + HELM_RELEASE = app_constants.HELM_CHART_ISTIO_CNI + + def _is_enabled(self, app_name, chart_name, namespace): + """ + Check if the chart is enable at a system level + + :param app_name: Application name + :param chart_name: Chart supplied with the application + :param namespace: Namespace where the chart will be executed + + Returns true by default if an exception occurs as most charts are + enabled. + """ + return super(IstioCniHelm, self)._is_enabled( + app_name, chart_name, namespace) + + def execute_kustomize_updates(self, operator): + """ + Update the elements of FluxCD kustomize manifests. + + This allows a helm chart plugin to use the FluxCDKustomizeOperator to + make dynamic structural changes to the application manifest based on the + current conditions in the platform + + Changes currenty include updates to the top level kustomize manifest to + disable helm releases. + + :param operator: an instance of the FluxCDKustomizeOperator + """ + if not self._is_enabled(operator.APP, self.CHART, + app_constants.HELM_NS_ISTIO_SYSTEM): + operator.helm_release_resource_delete(self.HELM_RELEASE) + + def get_namespaces(self): + return self.SUPPORTED_NAMESPACES + + def get_overrides(self, namespace=None): + overrides = { + app_constants.HELM_NS_ISTIO_SYSTEM: {} + } + + if namespace in self.SUPPORTED_NAMESPACES: + return overrides[namespace] + elif namespace: + raise exception.InvalidHelmNamespace(chart=self.CHART, + namespace=namespace) + else: + return overrides diff --git a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_egressgateway.py b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_egressgateway.py new file mode 100644 index 0000000..d85c21d --- /dev/null +++ b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_egressgateway.py @@ -0,0 +1,74 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from sysinv.common import exception +from sysinv.helm import base + +from k8sapp_istio.common import constants as app_constants + + +class IstioEgressGatewayHelm(base.FluxCDBaseHelm): + """Class to encapsulate helm operations for the istio-egress chart""" + + SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \ + [app_constants.HELM_NS_ISTIO_SYSTEM] + SUPPORTED_APP_NAMESPACES = { + app_constants.HELM_APP_ISTIO: + base.BaseHelm.SUPPORTED_NAMESPACES + + [app_constants.HELM_NS_ISTIO_SYSTEM] + } + + CHART = app_constants.HELM_CHART_ISTIO_EGRESSGATEWAY + + SERVICE_NAME = app_constants.HELM_APP_ISTIO + HELM_RELEASE = app_constants.HELM_CHART_ISTIO_EGRESSGATEWAY + + def _is_enabled(self, app_name, chart_name, namespace): + """ + Check if the chart is enable at a system level + + :param app_name: Application name + :param chart_name: Chart supplied with the application + :param namespace: Namespace where the chart will be executed + + Returns true by default if an exception occurs as most charts are + enabled. + """ + return super(IstioEgressGatewayHelm, self)._is_enabled( + app_name, chart_name, namespace) + + def execute_kustomize_updates(self, operator): + """ + Update the elements of FluxCD kustomize manifests. + + This allows a helm chart plugin to use the FluxCDKustomizeOperator to + make dynamic structural changes to the application manifest based on the + current conditions in the platform + + Changes currenty include updates to the top level kustomize manifest to + disable helm releases. + + :param operator: an instance of the FluxCDKustomizeOperator + """ + if not self._is_enabled(operator.APP, self.CHART, + app_constants.HELM_NS_ISTIO_SYSTEM): + operator.helm_release_resource_delete(self.HELM_RELEASE) + + def get_namespaces(self): + return self.SUPPORTED_NAMESPACES + + def get_overrides(self, namespace=None): + overrides = { + app_constants.HELM_NS_ISTIO_SYSTEM: {} + } + + if namespace in self.SUPPORTED_NAMESPACES: + return overrides[namespace] + elif namespace: + raise exception.InvalidHelmNamespace(chart=self.CHART, + namespace=namespace) + else: + return overrides diff --git a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_ingressgateway.py b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_ingressgateway.py new file mode 100644 index 0000000..c2be966 --- /dev/null +++ b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_ingressgateway.py @@ -0,0 +1,74 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from sysinv.common import exception +from sysinv.helm import base + +from k8sapp_istio.common import constants as app_constants + + +class IstioIngressGatewayHelm(base.FluxCDBaseHelm): + """Class to encapsulate helm operations for the istio-ingress chart""" + + SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \ + [app_constants.HELM_NS_ISTIO_SYSTEM] + SUPPORTED_APP_NAMESPACES = { + app_constants.HELM_APP_ISTIO: + base.BaseHelm.SUPPORTED_NAMESPACES + + [app_constants.HELM_NS_ISTIO_SYSTEM] + } + + CHART = app_constants.HELM_CHART_ISTIO_INGRESSGATEWAY + + SERVICE_NAME = app_constants.HELM_APP_ISTIO + HELM_RELEASE = app_constants.HELM_CHART_ISTIO_INGRESSGATEWAY + + def _is_enabled(self, app_name, chart_name, namespace): + """ + Check if the chart is enable at a system level + + :param app_name: Application name + :param chart_name: Chart supplied with the application + :param namespace: Namespace where the chart will be executed + + Returns true by default if an exception occurs as most charts are + enabled. + """ + return super(IstioIngressGatewayHelm, self)._is_enabled( + app_name, chart_name, namespace) + + def execute_kustomize_updates(self, operator): + """ + Update the elements of FluxCD kustomize manifests. + + This allows a helm chart plugin to use the FluxCDKustomizeOperator to + make dynamic structural changes to the application manifest based on the + current conditions in the platform + + Changes currenty include updates to the top level kustomize manifest to + disable helm releases. + + :param operator: an instance of the FluxCDKustomizeOperator + """ + if not self._is_enabled(operator.APP, self.CHART, + app_constants.HELM_NS_ISTIO_SYSTEM): + operator.helm_release_resource_delete(self.HELM_RELEASE) + + def get_namespaces(self): + return self.SUPPORTED_NAMESPACES + + def get_overrides(self, namespace=None): + overrides = { + app_constants.HELM_NS_ISTIO_SYSTEM: {} + } + + if namespace in self.SUPPORTED_NAMESPACES: + return overrides[namespace] + elif namespace: + raise exception.InvalidHelmNamespace(chart=self.CHART, + namespace=namespace) + else: + return overrides diff --git a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_operator.py b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_operator.py deleted file mode 100644 index 670ac05..0000000 --- a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_operator.py +++ /dev/null @@ -1,42 +0,0 @@ -# -# Copyright (c) 2022 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -from sysinv.common import exception -from sysinv.helm import base - -from k8sapp_istio.common import constants as app_constants - - -class IstioHelm(base.BaseHelm): - """Class to encapsulate helm operations for the istio chart""" - - SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \ - [app_constants.HELM_NS_ISTIO_SYSTEM] - SUPPORTED_APP_NAMESPACES = { - app_constants.HELM_APP_ISTIO: - base.BaseHelm.SUPPORTED_NAMESPACES + - [app_constants.HELM_NS_ISTIO_SYSTEM] - } - - CHART = app_constants.HELM_CHART_ISTIO_OPERATOR - - SERVICE_NAME = app_constants.HELM_APP_ISTIO - - def get_namespaces(self): - return self.SUPPORTED_NAMESPACES - - def get_overrides(self, namespace=None): - overrides = { - app_constants.HELM_NS_ISTIO_SYSTEM: {} - } - - if namespace in self.SUPPORTED_NAMESPACES: - return overrides[namespace] - elif namespace: - raise exception.InvalidHelmNamespace(chart=self.CHART, - namespace=namespace) - else: - return overrides diff --git a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_pilot.py b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_pilot.py new file mode 100644 index 0000000..24c0e5b --- /dev/null +++ b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/istio_pilot.py @@ -0,0 +1,74 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from sysinv.common import exception +from sysinv.helm import base + +from k8sapp_istio.common import constants as app_constants + + +class IstioPilotHelm(base.FluxCDBaseHelm): + """Class to encapsulate helm operations for the istio-pilot chart""" + + SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \ + [app_constants.HELM_NS_ISTIO_SYSTEM] + SUPPORTED_APP_NAMESPACES = { + app_constants.HELM_APP_ISTIO: + base.BaseHelm.SUPPORTED_NAMESPACES + + [app_constants.HELM_NS_ISTIO_SYSTEM] + } + + CHART = app_constants.HELM_CHART_ISTIO_PILOT + + SERVICE_NAME = app_constants.HELM_APP_ISTIO + HELM_RELEASE = app_constants.HELM_CHART_ISTIO_PILOT + + def _is_enabled(self, app_name, chart_name, namespace): + """ + Check if the chart is enable at a system level + + :param app_name: Application name + :param chart_name: Chart supplied with the application + :param namespace: Namespace where the chart will be executed + + Returns true by default if an exception occurs as most charts are + enabled. + """ + return super(IstioPilotHelm, self)._is_enabled( + app_name, chart_name, namespace) + + def execute_kustomize_updates(self, operator): + """ + Update the elements of FluxCD kustomize manifests. + + This allows a helm chart plugin to use the FluxCDKustomizeOperator to + make dynamic structural changes to the application manifest based on the + current conditions in the platform + + Changes currenty include updates to the top level kustomize manifest to + disable helm releases. + + :param operator: an instance of the FluxCDKustomizeOperator + """ + if not self._is_enabled(operator.APP, self.CHART, + app_constants.HELM_NS_ISTIO_SYSTEM): + operator.helm_release_resource_delete(self.HELM_RELEASE) + + def get_namespaces(self): + return self.SUPPORTED_NAMESPACES + + def get_overrides(self, namespace=None): + overrides = { + app_constants.HELM_NS_ISTIO_SYSTEM: {} + } + + if namespace in self.SUPPORTED_NAMESPACES: + return overrides[namespace] + elif namespace: + raise exception.InvalidHelmNamespace(chart=self.CHART, + namespace=namespace) + else: + return overrides diff --git a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/kiali_server.py b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/kiali_server.py index 9f084da..2a7fb11 100644 --- a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/kiali_server.py +++ b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/helm/kiali_server.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2022 Wind River Systems, Inc. +# Copyright (c) 2022-2025 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -10,7 +10,7 @@ from sysinv.helm import base from k8sapp_istio.common import constants as app_constants -class KialiHelm(base.BaseHelm): +class KialiHelm(base.FluxCDBaseHelm): """Class to encapsulate helm operations for the Kiali chart""" SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \ @@ -24,6 +24,38 @@ class KialiHelm(base.BaseHelm): CHART = app_constants.HELM_CHART_KIALI_SERVER SERVICE_NAME = app_constants.HELM_APP_ISTIO + HELM_RELEASE = app_constants.HELM_CHART_KIALI_SERVER + + def _is_enabled(self, app_name, chart_name, namespace): + """ + Check if the chart is enable at a system level + + :param app_name: Application name + :param chart_name: Chart supplied with the application + :param namespace: Namespace where the chart will be executed + + Returns true by default if an exception occurs as most charts are + enabled. + """ + return super(KialiHelm, self)._is_enabled( + app_name, chart_name, namespace) + + def execute_kustomize_updates(self, operator): + """ + Update the elements of FluxCD kustomize manifests. + + This allows a helm chart plugin to use the FluxCDKustomizeOperator to + make dynamic structural changes to the application manifest based on the + current conditions in the platform + + Changes currenty include updates to the top level kustomize manifest to + disable helm releases. + + :param operator: an instance of the FluxCDKustomizeOperator + """ + if not self._is_enabled(operator.APP, self.CHART, + app_constants.HELM_NS_ISTIO_SYSTEM): + operator.helm_release_resource_delete(self.HELM_RELEASE) def get_namespaces(self): return self.SUPPORTED_NAMESPACES diff --git a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/kustomize/__init__.py b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/kustomize/__init__.py new file mode 100644 index 0000000..4207708 --- /dev/null +++ b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/kustomize/__init__.py @@ -0,0 +1,19 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +import yaml + + +class quoted_str(str): + pass + + +# force strings to be single-quoted to avoid interpretation as numeric values +def quoted_presenter(dumper, data): + return dumper.represent_scalar(u'tag:yaml.org,2002:str', data, style="'") + + +yaml.add_representer(quoted_str, quoted_presenter) diff --git a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/kustomize/kustomize_istio.py b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/kustomize/kustomize_istio.py new file mode 100644 index 0000000..3b83a64 --- /dev/null +++ b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/kustomize/kustomize_istio.py @@ -0,0 +1,27 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +""" System inventory Kustomization resource operator.""" + +from k8sapp_istio.common import constants as app_constants +from sysinv.helm import kustomize_base as base + + +class IstioFluxCDKustomizeOperator(base.FluxCDKustomizeOperator): + + APP = app_constants.HELM_APP_ISTIO + + def platform_mode_kustomize_updates(self, dbapi, mode): + """ Update the top-level kustomization resource list + + Make changes to the top-level kustomization resource list based on the + platform mode + + :param dbapi: DB api object + :param mode: mode to control when to update the resource list + + """ + pass diff --git a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/lifecycle/lifecycle_istio.py b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/lifecycle/lifecycle_istio.py index 52f5de8..706c8bf 100644 --- a/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/lifecycle/lifecycle_istio.py +++ b/python3-k8sapp-istio/k8sapp_istio/k8sapp_istio/lifecycle/lifecycle_istio.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2022-2023 Wind River Systems, Inc. +# Copyright (c) 2022-2025 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -39,21 +39,18 @@ class IstioAppLifecycleOperator(base.AppLifecycleOperator): if hook_info.relative_timing == LifecycleConstants.APP_LIFECYCLE_TIMING_POST: return self.post_apply(app_op, app, hook_info) - if hook_info.lifecycle_type == LifecycleConstants.APP_LIFECYCLE_TYPE_OPERATION: - if hook_info.operation == constants.APP_REMOVE_OP: + if hook_info.lifecycle_type == LifecycleConstants.APP_LIFECYCLE_TYPE_RESOURCE: + if hook_info.operation == constants.APP_UPDATE_OP: if hook_info.relative_timing == LifecycleConstants.APP_LIFECYCLE_TIMING_PRE: - return self.pre_remove(app) - - if hook_info.lifecycle_type == LifecycleConstants.APP_LIFECYCLE_TYPE_OPERATION: - if hook_info.operation == constants.APP_REMOVE_OP: - if hook_info.relative_timing == LifecycleConstants.APP_LIFECYCLE_TIMING_POST: - return self.post_remove(app) + return self.pre_update(app) super(IstioAppLifecycleOperator, self).app_lifecycle_actions( context, conductor_obj, app_op, app, hook_info ) def post_apply(self, app_op, app, hook_info): + LOG.info( + "Application apply is being called for {} app".format(app_constants.HELM_APP_ISTIO)) if LifecycleConstants.EXTRA not in hook_info: raise exception.LifecycleMissingInfo("Missing {}".format(LifecycleConstants.EXTRA)) if LifecycleConstants.RETURN_CODE not in hook_info[LifecycleConstants.EXTRA]: @@ -109,44 +106,42 @@ class IstioAppLifecycleOperator(base.AppLifecycleOperator): if old_namespace_label != namespace_label: self._delete_istio_pods(app_op, client_core) - def pre_remove(self, app): - LOG.debug( - "Executing pre_remove for {} app".format(app_constants.HELM_APP_ISTIO) + def pre_update(self, app): + LOG.info( + "Executing pre_update for {} app".format(app_constants.HELM_APP_ISTIO) ) + # Delete istio-operator.yaml if it exists + # Scenario of Istio App Update:- + # v1 - Istio Operator exists in the fluxcd manifests + # v2 - Istio Operator is deprecated and not needed anymore + # App is updated from v1 to v2, Old istio-operator.yaml is not needed + # This takes care of Kubernetes deployment of Istio Operator + # Old Manifests files removal is handled in sysinv, conductor/kube_app.py yfile = os.path.join(app.sync_fluxcd_manifest, 'istio-operator/istio-operator.yaml') if os.path.exists(yfile): cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF, - 'delete', '-f', yfile] + 'delete', '-f', yfile, "--request-timeout=30s"] stdout, stderr = cutils.trycmd(*cmd) - LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr)) - - # Comment out istio-operator.yaml in the kustomization.yaml + LOG.info("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr)) + # Comment out istio-operator.yaml in the kustomization.yaml if it exists kust_file = os.path.join(app.sync_fluxcd_manifest, 'istio-operator/kustomization.yaml') - cmd = ['sed', '-i', '/istio-operator.yaml/s/^/#/g', kust_file] - stdout, stderr = cutils.trycmd(*cmd) - LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr)) - - def post_remove(self, app): - LOG.debug( - "Executing post_remove for {} app".format(app_constants.HELM_APP_ISTIO) - ) - # Uncomment istio-operator.yaml in the kustomization.yaml - kust_file = os.path.join(app.sync_fluxcd_manifest, 'istio-operator/kustomization.yaml') - cmd = ['sed', '-i', '/istio-operator.yaml/s/^#//g', kust_file] - stdout, stderr = cutils.trycmd(*cmd) - LOG.debug("{} app: post_remove cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr)) + if os.path.exists(kust_file): + cmd = ['sed', '-i', '/istio-operator.yaml/s/^/#/g', kust_file] + stdout, stderr = cutils.trycmd(*cmd) + LOG.info("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr)) + self.remove_finalizers_crd() def _get_helm_user_overrides(self, dbapi_instance, db_app_id): try: overrides = dbapi_instance.helm_override_get( app_id=db_app_id, - name=app_constants.HELM_CHART_ISTIO_OPERATOR, + name=app_constants.HELM_CHART_ISTIO_BASE, namespace=app_constants.HELM_NS_ISTIO_SYSTEM, ) except exception.HelmOverrideNotFound: values = { - "name": app_constants.HELM_CHART_ISTIO_OPERATOR, - "namespace": app_constants.HELM_NS_ISTIO_OPERATOR, + "name": app_constants.HELM_CHART_ISTIO_BASE, + "namespace": app_constants.HELM_NS_ISTIO_SYSTEM, "db_app_id": db_app_id, } overrides = dbapi_instance.helm_override_create(values=values) @@ -163,3 +158,43 @@ class IstioAppLifecycleOperator(base.AppLifecycleOperator): namespace=app_constants.HELM_NS_ISTIO_SYSTEM, grace_periods_seconds=0 ) + + def remove_finalizers_crd(self): + """ Remove finalizers from CustomResourceDefinitions (CRDs) + + This function removes finalizers from istio-operator CRD + Needed in case of Application update from N to N+1 where + N is dependent on istio-operator and + N+1 is not dependent on istio-operator. + This is needed to avoid the istio-operator CRD being stuck in + terminating state. + """ + # Get crd of istiooperator.install.istio.io example-istiocontrolplane + cmd_crds = ["kubectl", "--kubeconfig", kubernetes.KUBERNETES_ADMIN_CONF, "get", "crd", + "-o=jsonpath='{.items[?(@.spec.group==\"install.istio.io\")].metadata.name}'"] + + stdout, stderr = cutils.trycmd(*cmd_crds) + if not stderr: + LOG.info("Removing finalizer from istio-system CRD {}".format(stdout)) + crds = stdout.replace("'", "").strip().split(" ") + for crd_name in crds: + # Get custom resources based on each istio-system CRD + cmd_instances = ["kubectl", "--kubeconfig", kubernetes.KUBERNETES_ADMIN_CONF, + "get", "-n", "istio-system", crd_name, + "-o", "name", "--request-timeout=10s"] + stdout, stderr = cutils.trycmd(*cmd_instances) + crd_instances = stdout.strip().split("\n") + if not stderr and crd_instances: + for crd_instance in crd_instances: + if crd_instance: + # Patch each custom resource to remove finalizers + patch_cmd = ["kubectl", + "--kubeconfig", kubernetes.KUBERNETES_ADMIN_CONF, + "patch", "-n", "istio-system", crd_instance, + "--type=json", + "-p", '[{"op": "remove", "path": "/metadata/finalizers"}]', + "--request-timeout=10s"] + stdout, stderr = cutils.trycmd(*patch_cmd) + LOG.debug(f"{crd_instance} \n stdout: {stdout} \n stderr: {stderr}") + else: + LOG.error("Error removing finalizers: {stderr}") diff --git a/python3-k8sapp-istio/k8sapp_istio/setup.cfg b/python3-k8sapp-istio/k8sapp_istio/setup.cfg index 2bce6ee..7cff5f3 100644 --- a/python3-k8sapp-istio/k8sapp_istio/setup.cfg +++ b/python3-k8sapp-istio/k8sapp_istio/setup.cfg @@ -33,8 +33,15 @@ systemconfig.helm_applications = istio = systemconfig.helm_plugins.istio systemconfig.helm_plugins.istio = - 001_istio-operator = k8sapp_istio.helm.istio_operator:IstioHelm - 002_kiali-server = k8sapp_istio.helm.kiali_server:KialiHelm + 001_base = k8sapp_istio.helm.istio_base:IstioBaseHelm + 002_cni = k8sapp_istio.helm.istio_cni:IstioCniHelm + 003_istiod = k8sapp_istio.helm.istio_pilot:IstioPilotHelm + 004_istio-ingress = k8sapp_istio.helm.istio_ingressgateway:IstioIngressGatewayHelm + 005_istio-egress = k8sapp_istio.helm.istio_egressgateway:IstioEgressGatewayHelm + 006_kiali-server = k8sapp_istio.helm.kiali_server:KialiHelm + +systemconfig.fluxcd.kustomize_ops = + istio = k8sapp_istio.kustomize.kustomize_istio:IstioFluxCDKustomizeOperator systemconfig.app_lifecycle = istio = k8sapp_istio.lifecycle.lifecycle_istio:IstioAppLifecycleOperator diff --git a/python3-k8sapp-istio/k8sapp_istio/tox.ini b/python3-k8sapp-istio/k8sapp_istio/tox.ini index 6f2c39c..7af79f7 100644 --- a/python3-k8sapp-istio/k8sapp_istio/tox.ini +++ b/python3-k8sapp-istio/k8sapp_istio/tox.ini @@ -39,7 +39,7 @@ setenv = VIRTUAL_ENV={envdir} deps = -r{toxinidir}/requirements.txt -r{toxinidir}/test-requirements.txt - -e{[tox]stxdir}/config/sysinv/sysinv/sysinv + {[tox]stxdir}/config/sysinv/sysinv/sysinv -e{[tox]stxdir}/config/tsconfig/tsconfig -e{[tox]stxdir}/fault/fm-api/source -e{[tox]stxdir}/fault/python-fmclient/fmclient diff --git a/stx-istio-helm/debian/deb_folder/control b/stx-istio-helm/debian/deb_folder/control index 2c84fec..44ab64a 100644 --- a/stx-istio-helm/debian/deb_folder/control +++ b/stx-istio-helm/debian/deb_folder/control @@ -3,7 +3,11 @@ Section: libs Priority: optional Maintainer: StarlingX Developers Build-Depends: debhelper-compat (= 13), - istio-helm, + istio-base-helm, + istio-cni-helm, + istio-pilot-helm, + istio-ingressgateway-helm, + istio-egressgateway-helm, kiali-helm, python3-k8sapp-istio-wheels, build-info diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/helmrelease.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-base/helmrelease.yaml similarity index 58% rename from stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/helmrelease.yaml rename to stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-base/helmrelease.yaml index ed3cce6..432b046 100644 --- a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/helmrelease.yaml +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-base/helmrelease.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2024 Wind River Systems, Inc. +# Copyright (c) 2025 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -7,14 +7,14 @@ apiVersion: "helm.toolkit.fluxcd.io/v2" kind: HelmRelease metadata: - name: istio-operator + name: base labels: chart_group: istio-charts spec: - releaseName: istio-istio-operator + releaseName: istio-istio-base chart: spec: - chart: istio-operator + chart: base version: REPLACE_HELM_CHART_VERSION sourceRef: kind: HelmRepository @@ -25,12 +25,14 @@ spec: enable: false install: disableHooks: false + crds: Create upgrade: disableHooks: false + crds: CreateReplace valuesFrom: - kind: Secret - name: istio-operator-static-overrides - valuesKey: istio-operator-static-overrides.yaml + name: istio-base-static-overrides + valuesKey: istio-base-static-overrides.yaml - kind: Secret - name: istio-operator-system-overrides - valuesKey: istio-operator-system-overrides.yaml + name: istio-base-system-overrides + valuesKey: istio-base-system-overrides.yaml diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-base/istio-base-static-overrides.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-base/istio-base-static-overrides.yaml new file mode 100644 index 0000000..2a0d6c0 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-base/istio-base-static-overrides.yaml @@ -0,0 +1,8 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +app.starlingx.io/component: platform + diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-base/istio-base-system-overrides.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-base/istio-base-system-overrides.yaml new file mode 100644 index 0000000..02ccae8 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-base/istio-base-system-overrides.yaml @@ -0,0 +1,5 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# \ No newline at end of file diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-base/kustomization.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-base/kustomization.yaml new file mode 100644 index 0000000..9ce42af --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-base/kustomization.yaml @@ -0,0 +1,18 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +namespace: istio-system +resources: + - helmrelease.yaml +secretGenerator: + - name: istio-base-static-overrides + files: + - istio-base-static-overrides.yaml + - name: istio-base-system-overrides + files: + - istio-base-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true \ No newline at end of file diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-cni/helmrelease.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-cni/helmrelease.yaml new file mode 100644 index 0000000..d39b6e0 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-cni/helmrelease.yaml @@ -0,0 +1,39 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +apiVersion: "helm.toolkit.fluxcd.io/v2" +kind: HelmRelease +metadata: + name: cni + labels: + chart_group: istio-charts +spec: + releaseName: istio-istio-cni + chart: + spec: + chart: cni + version: REPLACE_HELM_CHART_VERSION + sourceRef: + kind: HelmRepository + name: stx-platform + interval: 1m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + dependsOn: + - name: base + namespace: istio-system + valuesFrom: + - kind: Secret + name: istio-cni-static-overrides + valuesKey: istio-cni-static-overrides.yaml + - kind: Secret + name: istio-cni-system-overrides + valuesKey: istio-cni-system-overrides.yaml diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-cni/istio-cni-static-overrides.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-cni/istio-cni-static-overrides.yaml new file mode 100644 index 0000000..c063cb9 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-cni/istio-cni-static-overrides.yaml @@ -0,0 +1,34 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +app.starlingx.io/component: platform + +# cniBinDir: /opt/cni/bin is the default value in the istio-cni chart. +# We override it to /var/opt/cni/bin because istio-pilot expects it there +cni: + chained: false + cniBinDir: /var/opt/cni/bin + cniConfDir: /etc/cni/net.d + cniConfFileName: istio-cni.conf + excludeNamespaces: + - kube-system + - istio-operator + - istio-system + image: registry.local:9001/docker.io/istio/install-cni:1.22.1 + k8s: + readinessProbe: + failureThreshold: 30 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 +global: + imagePullSecrets: + - default-registry-key + proxy: + image: registry.local:9001/docker.io/istio/proxyv2:1.22.1 + proxy_init: + image: registry.local:9001/docker.io/istio/proxyv2:1.22.1 diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-cni/istio-cni-system-overrides.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-cni/istio-cni-system-overrides.yaml new file mode 100644 index 0000000..02ccae8 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-cni/istio-cni-system-overrides.yaml @@ -0,0 +1,5 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# \ No newline at end of file diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-cni/kustomization.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-cni/kustomization.yaml new file mode 100644 index 0000000..b5c206e --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-cni/kustomization.yaml @@ -0,0 +1,18 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +namespace: istio-system +resources: + - helmrelease.yaml +secretGenerator: + - name: istio-cni-static-overrides + files: + - istio-cni-static-overrides.yaml + - name: istio-cni-system-overrides + files: + - istio-cni-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true \ No newline at end of file diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-egressgateway/helmrelease.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-egressgateway/helmrelease.yaml new file mode 100644 index 0000000..25a8502 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-egressgateway/helmrelease.yaml @@ -0,0 +1,39 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +apiVersion: "helm.toolkit.fluxcd.io/v2" +kind: HelmRelease +metadata: + name: istio-egress + labels: + chart_group: istio-charts +spec: + releaseName: istio-istio-egressgateway + chart: + spec: + chart: istio-egress + version: REPLACE_HELM_CHART_VERSION + sourceRef: + kind: HelmRepository + name: stx-platform + interval: 1m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + dependsOn: + - name: istiod + namespace: istio-system + valuesFrom: + - kind: Secret + name: istio-egressgateway-static-overrides + valuesKey: istio-egressgateway-static-overrides.yaml + - kind: Secret + name: istio-egressgateway-system-overrides + valuesKey: istio-egressgateway-system-overrides.yaml diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-egressgateway/istio-egressgateway-static-overrides.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-egressgateway/istio-egressgateway-static-overrides.yaml new file mode 100644 index 0000000..1192336 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-egressgateway/istio-egressgateway-static-overrides.yaml @@ -0,0 +1,23 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +gateways: + istio-egressgateway: + enabled: true + readinessProbe: + failureThreshold: 30 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + +global: + imagePullSecrets: + - default-registry-key + proxy: + image: registry.local:9001/docker.io/istio/proxyv2:1.22.1 + proxy_init: + image: registry.local:9001/docker.io/istio/proxyv2:1.22.1 diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-egressgateway/istio-egressgateway-system-overrides.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-egressgateway/istio-egressgateway-system-overrides.yaml new file mode 100644 index 0000000..02ccae8 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-egressgateway/istio-egressgateway-system-overrides.yaml @@ -0,0 +1,5 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# \ No newline at end of file diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-egressgateway/kustomization.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-egressgateway/kustomization.yaml new file mode 100644 index 0000000..e4612e8 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-egressgateway/kustomization.yaml @@ -0,0 +1,18 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +namespace: istio-system +resources: + - helmrelease.yaml +secretGenerator: + - name: istio-egressgateway-static-overrides + files: + - istio-egressgateway-static-overrides.yaml + - name: istio-egressgateway-system-overrides + files: + - istio-egressgateway-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true \ No newline at end of file diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-ingressgateway/helmrelease.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-ingressgateway/helmrelease.yaml new file mode 100644 index 0000000..a55fb76 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-ingressgateway/helmrelease.yaml @@ -0,0 +1,39 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +apiVersion: "helm.toolkit.fluxcd.io/v2" +kind: HelmRelease +metadata: + name: istio-ingress + labels: + chart_group: istio-charts +spec: + releaseName: istio-istio-ingressgateway + chart: + spec: + chart: istio-ingress + version: REPLACE_HELM_CHART_VERSION + sourceRef: + kind: HelmRepository + name: stx-platform + interval: 1m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + dependsOn: + - name: istiod + namespace: istio-system + valuesFrom: + - kind: Secret + name: istio-ingressgateway-static-overrides + valuesKey: istio-ingressgateway-static-overrides.yaml + - kind: Secret + name: istio-ingressgateway-system-overrides + valuesKey: istio-ingressgateway-system-overrides.yaml diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-ingressgateway/istio-ingressgateway-static-overrides.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-ingressgateway/istio-ingressgateway-static-overrides.yaml new file mode 100644 index 0000000..9e3c428 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-ingressgateway/istio-ingressgateway-static-overrides.yaml @@ -0,0 +1,26 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +gateways: + istio-ingressgateway: + enabled: true + # Can be changed to ClusterIP or LoadBalancer if need be using Overrides + # Note: LoadBalancer requires Service IP, StarlingX doesn't set it automatically. + type: NodePort + readinessProbe: + failureThreshold: 30 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + +global: + imagePullSecrets: + - default-registry-key + proxy: + image: registry.local:9001/docker.io/istio/proxyv2:1.22.1 + proxy_init: + image: registry.local:9001/docker.io/istio/proxyv2:1.22.1 diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-ingressgateway/istio-ingressgateway-system-overrides.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-ingressgateway/istio-ingressgateway-system-overrides.yaml new file mode 100644 index 0000000..02ccae8 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-ingressgateway/istio-ingressgateway-system-overrides.yaml @@ -0,0 +1,5 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# \ No newline at end of file diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-ingressgateway/kustomization.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-ingressgateway/kustomization.yaml new file mode 100644 index 0000000..a6a63d6 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-ingressgateway/kustomization.yaml @@ -0,0 +1,18 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +namespace: istio-system +resources: + - helmrelease.yaml +secretGenerator: + - name: istio-ingressgateway-static-overrides + files: + - istio-ingressgateway-static-overrides.yaml + - name: istio-ingressgateway-system-overrides + files: + - istio-ingressgateway-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true \ No newline at end of file diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/istio-operator-static-overrides.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/istio-operator-static-overrides.yaml deleted file mode 100644 index 5256faa..0000000 --- a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/istio-operator-static-overrides.yaml +++ /dev/null @@ -1,53 +0,0 @@ -# -# Copyright (c) 2024 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -hub: registry.local:9001/docker.io/istio -tag: 1.22.1 -replicaCount: 1 -images: - tags: - istio-operator: docker.io/istio/operator:1.22.1 - cni: docker.io/istio/install-cni:1.22.1 - pilot: docker.io/istio/pilot:1.22.1 - proxyv2: docker.io/istio/proxyv2:1.22.1 - -# ImagePullSecrets for operator ServiceAccount, list of secrets in the same namespace -# used to pull operator image. Must be set for any cluster configured with private docker registry. -imagePullSecrets: - - default-registry-key - -# Used to replace istioNamespace to support operator watch multiple namespaces. -watchedNamespaces: istio-system -waitForResourcesTimeout: 300s - -# Used for helm2 to add the CRDs to templates. -enableCRDTemplates: false - -# revision for the operator resources -revision: "" - -# Operator resource defaults -operator: - resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 128Mi - -# Node labels for pod assignment -nodeSelector: {} - -# Tolerations for pod assignment -tolerations: [] - -# Affinity for pod assignment -affinity: {} - -# Additional labels and annotations to apply on the pod level for monitoring and logging configuration. -podLabels: {} -podAnnotations: {} diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/istio-operator-system-overrides.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/istio-operator-system-overrides.yaml deleted file mode 100644 index 7e93270..0000000 --- a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/istio-operator-system-overrides.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# -# Copyright (c) 2022 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/istio-operator.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/istio-operator.yaml deleted file mode 100644 index e9c9287..0000000 --- a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/istio-operator.yaml +++ /dev/null @@ -1,69 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -metadata: - namespace: istio-system - name: example-istiocontrolplane -spec: - profile: demo - components: - cni: - enabled: true - k8s: - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - pilot: - enabled: true - k8s: - readinessProbe: - failureThreshold: 4 - initialDelaySeconds: 1 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - ingressGateways: - - name: istio-ingressgateway - enabled: true - k8s: - readinessProbe: - failureThreshold: 30 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - egressGateways: - - name: istio-egressgateway - enabled: true - k8s: - readinessProbe: - failureThreshold: 30 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - values: - sidecarInjectorWebhook: - injectedAnnotations: - k8s.v1.cni.cncf.io/networks: istio-cni - cni: - chained: false - cniBinDir: /var/opt/cni/bin - cniConfDir: /etc/cni/net.d - cniConfFileName: istio-cni.conf - excludeNamespaces: - - kube-system - - istio-operator - - istio-system - image: registry.local:9001/docker.io/istio/install-cni:1.22.1 - pilot: - image: registry.local:9001/docker.io/istio/pilot:1.22.1 - global: - imagePullSecrets: - - default-registry-key - proxy: - image: registry.local:9001/docker.io/istio/proxyv2:1.22.1 - proxy_init: - image: registry.local:9001/docker.io/istio/proxyv2:1.22.1 diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/kustomization.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/kustomization.yaml deleted file mode 100644 index 8de35ec..0000000 --- a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-operator/kustomization.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# -# Copyright (c) 2022 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -namespace: istio-system -resources: - - helmrelease.yaml - - istio-operator.yaml -secretGenerator: - - name: istio-operator-static-overrides - files: - - istio-operator-static-overrides.yaml - - name: istio-operator-system-overrides - files: - - istio-operator-system-overrides.yaml -generatorOptions: - disableNameSuffixHash: true diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-pilot/helmrelease.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-pilot/helmrelease.yaml new file mode 100644 index 0000000..7e8b1c7 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-pilot/helmrelease.yaml @@ -0,0 +1,39 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +apiVersion: "helm.toolkit.fluxcd.io/v2" +kind: HelmRelease +metadata: + name: istiod + labels: + chart_group: istio-charts +spec: + releaseName: istio-istio-pilot + chart: + spec: + chart: istiod + version: REPLACE_HELM_CHART_VERSION + sourceRef: + kind: HelmRepository + name: stx-platform + interval: 1m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + dependsOn: + - name: cni + namespace: istio-system + valuesFrom: + - kind: Secret + name: istio-pilot-static-overrides + valuesKey: istio-pilot-static-overrides.yaml + - kind: Secret + name: istio-pilot-system-overrides + valuesKey: istio-pilot-system-overrides.yaml diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-pilot/istio-pilot-static-overrides.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-pilot/istio-pilot-static-overrides.yaml new file mode 100644 index 0000000..837adf9 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-pilot/istio-pilot-static-overrides.yaml @@ -0,0 +1,29 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +pilot: + enabled: true + image: registry.local:9001/docker.io/istio/pilot:1.22.1 + cni: + enabled: true + k8s: + readinessProbe: + failureThreshold: 30 + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + +sidecarInjectorWebhook: + injectedAnnotations: + k8s.v1.cni.cncf.io/networks: istio-cni +global: + imagePullSecrets: + - default-registry-key + proxy: + image: registry.local:9001/docker.io/istio/proxyv2:1.22.1 + proxy_init: + image: registry.local:9001/docker.io/istio/proxyv2:1.22.1 diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-pilot/istio-pilot-system-overrides.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-pilot/istio-pilot-system-overrides.yaml new file mode 100644 index 0000000..02ccae8 --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-pilot/istio-pilot-system-overrides.yaml @@ -0,0 +1,5 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# \ No newline at end of file diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-pilot/kustomization.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-pilot/kustomization.yaml new file mode 100644 index 0000000..fd707ff --- /dev/null +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/istio-pilot/kustomization.yaml @@ -0,0 +1,18 @@ +# +# Copyright (c) 2025 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +namespace: istio-system +resources: + - helmrelease.yaml +secretGenerator: + - name: istio-pilot-static-overrides + files: + - istio-pilot-static-overrides.yaml + - name: istio-pilot-system-overrides + files: + - istio-pilot-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true \ No newline at end of file diff --git a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/kustomization.yaml b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/kustomization.yaml index 8cb1141..9b7a5d0 100644 --- a/stx-istio-helm/stx-istio-helm/fluxcd-manifests/kustomization.yaml +++ b/stx-istio-helm/stx-istio-helm/fluxcd-manifests/kustomization.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2022 Wind River Systems, Inc. +# Copyright (c) 2025 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -9,5 +9,9 @@ kind: Kustomization namespace: istio-system resources: - base - - istio-operator + - istio-base + - istio-cni + - istio-pilot + - istio-ingressgateway + - istio-egressgateway - kiali-server