mirror of
https://github.com/outbackdingo/cozystack.git
synced 2026-01-27 18:18:41 +00:00
Merge branch 'aenix-io:main' into main
This commit is contained in:
klinch0
1
Makefile
1
Makefile
@@ -36,6 +36,7 @@ assets:
|
||||
make -C packages/core/installer/ assets
|
||||
|
||||
test:
|
||||
test -f _out/assets/nocloud-amd64.raw.xz || make -C packages/core/installer talos-nocloud
|
||||
make -C packages/core/testing apply
|
||||
make -C packages/core/testing test
|
||||
make -C packages/core/testing test-applications
|
||||
|
||||
@@ -68,7 +68,7 @@ spec:
|
||||
serviceAccountName: cozystack
|
||||
containers:
|
||||
- name: cozystack
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.24.1"
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.25.0"
|
||||
env:
|
||||
- name: KUBERNETES_SERVICE_HOST
|
||||
value: localhost
|
||||
@@ -87,7 +87,7 @@ spec:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: assets
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.24.1"
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.25.0"
|
||||
command:
|
||||
- /usr/bin/cozystack-assets-server
|
||||
- "-dir=/cozystack/assets"
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:b311eb8eb0c50a2707a6aef06a34a33c3ca40f2041eb30e73dd338ea3d11f33e
|
||||
ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:f30e9bd4b8a2a4362b88ac8974b12ed1ded631c4eeea87831bb446bb302b2e29
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.15.0@sha256:22302ca96a146617636bda107991825f6fcdb4599d360ab392aca1c00ed81a94
|
||||
ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.15.0@sha256:5efee8f76d0948936255c4cabad58057523502f77ceb40216ffae7e02841f85b
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.15.0@sha256:1318c7612391186b2a5d96c6fed2d13bd8fb2f6c13770e29e5d5abc517d9c138
|
||||
ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.15.0@sha256:daac6de8ad25de9d30eb5e928271cebaaa59193889231a54fd4f60e8a1c5f51a
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:e4d153f11a545276cd299e893c28bf21c64eefa64ea25dbba3a0b40df0e3dbe9
|
||||
ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:7bacb7853e656b6149c3a38c5cd925891011eb94358d4d11e154082ab8b3a643
|
||||
|
||||
@@ -109,13 +109,15 @@ virtual-machine 0.4.0 4746d51
|
||||
virtual-machine 0.5.0 cad9cde
|
||||
virtual-machine 0.6.0 0e728870
|
||||
virtual-machine 0.7.0 af58018a
|
||||
virtual-machine 0.7.1 HEAD
|
||||
virtual-machine 0.7.1 05857b95
|
||||
virtual-machine 0.8.0 HEAD
|
||||
vm-disk 0.1.0 HEAD
|
||||
vm-instance 0.1.0 ced8e5b9
|
||||
vm-instance 0.2.0 4f767ee3
|
||||
vm-instance 0.3.0 0e728870
|
||||
vm-instance 0.4.0 af58018a
|
||||
vm-instance 0.4.1 HEAD
|
||||
vm-instance 0.4.1 05857b95
|
||||
vm-instance 0.5.0 HEAD
|
||||
vpn 0.1.0 f642698
|
||||
vpn 0.2.0 7151424
|
||||
vpn 0.3.0 a2bcf100
|
||||
|
||||
@@ -17,10 +17,10 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.7.1
|
||||
version: 0.8.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "0.7.1"
|
||||
appVersion: "0.8.0"
|
||||
|
||||
@@ -8,3 +8,4 @@ generate:
|
||||
&& yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
|
||||
yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json
|
||||
yq -i -o json '.properties.systemDisk.properties.image.enum = ["ubuntu", "cirros", "alpine", "fedora", "talos"]' values.schema.json
|
||||
yq -i -o json '.properties.externalMethod.enum = ["wholeIP", "PortList"]' values.schema.json
|
||||
|
||||
@@ -39,6 +39,7 @@ virtctl ssh <user>@<vm>
|
||||
| Name | Description | Value |
|
||||
| ------------------------- | ---------------------------------------------------------------------------------------------------------- | ---------------- |
|
||||
| `external` | Enable external access from outside the cluster | `false` |
|
||||
| `externalMethod` | specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList` | `WholeIP` |
|
||||
| `externalPorts` | Specify ports to forward from outside the cluster | `[]` |
|
||||
| `running` | Determines if the virtual machine should be running | `true` |
|
||||
| `instanceType` | Virtual Machine instance type | `u1.medium` |
|
||||
|
||||
@@ -6,6 +6,10 @@ metadata:
|
||||
name: {{ include "virtual-machine.fullname" . }}
|
||||
labels:
|
||||
{{- include "virtual-machine.labels" . | nindent 4 }}
|
||||
{{- if eq .Values.externalMethod "WholeIP" }}
|
||||
annotations:
|
||||
networking.cozystack.io/wholeIP: "true"
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
|
||||
externalTrafficPolicy: Local
|
||||
@@ -13,9 +17,13 @@ spec:
|
||||
selector:
|
||||
{{- include "virtual-machine.labels" . | nindent 4 }}
|
||||
ports:
|
||||
{{- if eq .Values.externalMethod "WholeIP" }}
|
||||
- port: 65535
|
||||
{{- else }}
|
||||
{{- range .Values.externalPorts }}
|
||||
- name: port-{{ . }}
|
||||
port: {{ . }}
|
||||
targetPort: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -7,6 +7,15 @@
|
||||
"description": "Enable external access from outside the cluster",
|
||||
"default": false
|
||||
},
|
||||
"externalMethod": {
|
||||
"type": "string",
|
||||
"description": "specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`",
|
||||
"default": "WholeIP",
|
||||
"enum": [
|
||||
"wholeIP",
|
||||
"PortList"
|
||||
]
|
||||
},
|
||||
"externalPorts": {
|
||||
"type": "array",
|
||||
"description": "Specify ports to forward from outside the cluster",
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
## @section Common parameters
|
||||
|
||||
## @param external Enable external access from outside the cluster
|
||||
## @param externalMethod specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`
|
||||
## @param externalPorts [array] Specify ports to forward from outside the cluster
|
||||
external: false
|
||||
externalMethod: WholeIP
|
||||
externalPorts:
|
||||
- 22
|
||||
|
||||
|
||||
@@ -17,10 +17,10 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.4.1
|
||||
version: 0.5.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "0.4.1"
|
||||
appVersion: "0.5.0"
|
||||
|
||||
@@ -8,3 +8,4 @@ generate:
|
||||
PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \
|
||||
&& yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
|
||||
yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json
|
||||
yq -i -o json '.properties.externalMethod.enum = ["WholeIP", "PortList"]' values.schema.json
|
||||
|
||||
@@ -36,18 +36,19 @@ virtctl ssh <user>@<vm>
|
||||
|
||||
### Common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------ | ---------------------------------------------------------------------------------- | ---------------- |
|
||||
| `external` | Enable external access from outside the cluster | `false` |
|
||||
| `externalPorts` | Specify ports to forward from outside the cluster | `[]` |
|
||||
| `running` | Determines if the virtual machine should be running | `true` |
|
||||
| `instanceType` | Virtual Machine instance type | `u1.medium` |
|
||||
| `instanceProfile` | Virtual Machine prefferences profile | `ubuntu` |
|
||||
| `disks` | List of disks to attach | `[]` |
|
||||
| `resources.cpu` | The number of CPU cores allocated to the virtual machine | `""` |
|
||||
| `resources.memory` | The amount of memory allocated to the virtual machine | `""` |
|
||||
| `sshKeys` | List of SSH public keys for authentication. Can be a single key or a list of keys. | `[]` |
|
||||
| `cloudInit` | cloud-init user data config. See cloud-init documentation for more details. | `#cloud-config
|
||||
| Name | Description | Value |
|
||||
| ------------------ | ---------------------------------------------------------------------------------------------------------- | ---------------- |
|
||||
| `external` | Enable external access from outside the cluster | `false` |
|
||||
| `externalMethod` | specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList` | `WholeIP` |
|
||||
| `externalPorts` | Specify ports to forward from outside the cluster | `[]` |
|
||||
| `running` | Determines if the virtual machine should be running | `true` |
|
||||
| `instanceType` | Virtual Machine instance type | `u1.medium` |
|
||||
| `instanceProfile` | Virtual Machine prefferences profile | `ubuntu` |
|
||||
| `disks` | List of disks to attach | `[]` |
|
||||
| `resources.cpu` | The number of CPU cores allocated to the virtual machine | `""` |
|
||||
| `resources.memory` | The amount of memory allocated to the virtual machine | `""` |
|
||||
| `sshKeys` | List of SSH public keys for authentication. Can be a single key or a list of keys. | `[]` |
|
||||
| `cloudInit` | cloud-init user data config. See cloud-init documentation for more details. | `#cloud-config
|
||||
` |
|
||||
|
||||
## U Series
|
||||
|
||||
@@ -6,6 +6,10 @@ metadata:
|
||||
name: {{ include "virtual-machine.fullname" . }}
|
||||
labels:
|
||||
{{- include "virtual-machine.labels" . | nindent 4 }}
|
||||
{{- if eq .Values.externalMethod "WholeIP" }}
|
||||
annotations:
|
||||
networking.cozystack.io/wholeIP: "true"
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
|
||||
externalTrafficPolicy: Local
|
||||
@@ -13,9 +17,13 @@ spec:
|
||||
selector:
|
||||
{{- include "virtual-machine.labels" . | nindent 4 }}
|
||||
ports:
|
||||
{{- if eq .Values.externalMethod "WholeIP" }}
|
||||
- port: 65535
|
||||
{{- else }}
|
||||
{{- range .Values.externalPorts }}
|
||||
- name: port-{{ . }}
|
||||
port: {{ . }}
|
||||
targetPort: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -12,7 +12,7 @@ metadata:
|
||||
labels:
|
||||
{{- include "virtual-machine.labels" . | nindent 4 }}
|
||||
spec:
|
||||
running: {{ .Values.running | default "true" }}
|
||||
running: {{ .Values.running }}
|
||||
{{- with .Values.instanceType }}
|
||||
instancetype:
|
||||
kind: VirtualMachineClusterInstancetype
|
||||
|
||||
@@ -7,6 +7,15 @@
|
||||
"description": "Enable external access from outside the cluster",
|
||||
"default": false
|
||||
},
|
||||
"externalMethod": {
|
||||
"type": "string",
|
||||
"description": "specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`",
|
||||
"default": "WholeIP",
|
||||
"enum": [
|
||||
"WholeIP",
|
||||
"PortList"
|
||||
]
|
||||
},
|
||||
"externalPorts": {
|
||||
"type": "array",
|
||||
"description": "Specify ports to forward from outside the cluster",
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
## @section Common parameters
|
||||
|
||||
## @param external Enable external access from outside the cluster
|
||||
## @param externalMethod specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`
|
||||
## @param externalPorts [array] Specify ports to forward from outside the cluster
|
||||
external: false
|
||||
externalMethod: WholeIP
|
||||
externalPorts:
|
||||
- 22
|
||||
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
talos:
|
||||
imager:
|
||||
image: ghcr.io/siderolabs/imager:v1.9.2
|
||||
image: ghcr.io/siderolabs/imager:v1.9.3
|
||||
|
||||
@@ -3,24 +3,24 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.9.2
|
||||
version: v1.9.3
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.2
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.3
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20250109
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
|
||||
output:
|
||||
kind: initramfs
|
||||
imageOptions: {}
|
||||
|
||||
@@ -3,24 +3,24 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.9.2
|
||||
version: v1.9.3
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.2
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.3
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20250109
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
|
||||
output:
|
||||
kind: installer
|
||||
imageOptions: {}
|
||||
|
||||
@@ -3,24 +3,24 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.9.2
|
||||
version: v1.9.3
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.2
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.3
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20250109
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
|
||||
output:
|
||||
kind: iso
|
||||
imageOptions: {}
|
||||
|
||||
@@ -3,24 +3,24 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.9.2
|
||||
version: v1.9.3
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.2
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.3
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20250109
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
|
||||
output:
|
||||
kind: kernel
|
||||
imageOptions: {}
|
||||
|
||||
@@ -3,24 +3,24 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.9.2
|
||||
version: v1.9.3
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.2
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.3
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20250109
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
|
||||
output:
|
||||
kind: image
|
||||
imageOptions: { diskSize: 1306525696, diskFormat: raw }
|
||||
|
||||
@@ -3,24 +3,24 @@
|
||||
arch: amd64
|
||||
platform: nocloud
|
||||
secureboot: false
|
||||
version: v1.9.2
|
||||
version: v1.9.3
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.2
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.3
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20250109
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20241110
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
|
||||
output:
|
||||
kind: image
|
||||
imageOptions: { diskSize: 1306525696, diskFormat: raw }
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
cozystack:
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack:v0.24.1@sha256:2a07ec771337e41720196311ef53b120f2925abfc389eb36bc3c785c71817abd
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack:v0.25.0@sha256:86860fd1ddcd9709cb2a756409bc4983c44cd09b961d3b677469767fc93a7e36
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
e2e:
|
||||
image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.24.1@sha256:3b4db74ce6225599fcf172a575a099e0ed365c81e62eb264bb49e38387232031
|
||||
image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.25.0@sha256:c9165c329fd2536e0342345792586d3e6f4007a6e6bd2cce133f17088fd3e785
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/matchbox:v0.24.1@sha256:002d540c3a5583bfadbcbd436c2e582e51fc854068a2a7d2dba41072e921ca96
|
||||
ghcr.io/aenix-io/cozystack/matchbox:v0.25.0@sha256:ffcfc340f19c7c6bc50f49d75b41c802df9bddc71d9e6fdeb9b9ad7dc242a5d1
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/grafana:1.8.0@sha256:1a484f970903cc38745251f3fbc1d4737065f2d0a8a08c0adccc8972aa25aa59
|
||||
ghcr.io/aenix-io/cozystack/grafana:1.8.0@sha256:0377abd3cb2c6e27b12ac297f1859aa4d550f1aa14989f824f2315d0dfd1a5b2
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
apiVersion: v2
|
||||
name: cozy-smee
|
||||
name: cozy-bootbox
|
||||
version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:ced16c5ef3869e8ffbd0e880693b78ac47bdf310efcdb3e66ece6b22aaa5a75f
|
||||
ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:e4a4ab82290e6fc940beb799d5c15c7ed76f9752d3fce21fae6c2596a5da20b0
|
||||
|
||||
@@ -79,7 +79,7 @@ annotations:
|
||||
Pod IP Pool\n description: |\n CiliumPodIPPool defines an IP pool that can
|
||||
be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n"
|
||||
apiVersion: v2
|
||||
appVersion: 1.16.5
|
||||
appVersion: 1.16.6
|
||||
description: eBPF-based Networking, Security, and Observability
|
||||
home: https://cilium.io/
|
||||
icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg
|
||||
@@ -95,4 +95,4 @@ kubeVersion: '>= 1.21.0-0'
|
||||
name: cilium
|
||||
sources:
|
||||
- https://github.com/cilium/cilium
|
||||
version: 1.16.5
|
||||
version: 1.16.6
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# cilium
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
Cilium is open source software for providing and transparently securing
|
||||
network connectivity and loadbalancing between application workloads such as
|
||||
@@ -83,7 +83,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
|
||||
| authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true |
|
||||
| authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. |
|
||||
| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:d75b758a4fea99ffff4db799e16f853bbde8643671b5b72464a8ba94cbe3dbe3","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.36.1","useDigest":true}` | init container image of SPIRE agent and server |
|
||||
| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:71b79694b71639e633452f57fd9de40595d524de308349218d9a6a144b40be02","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.36.1","useDigest":true}` | init container image of SPIRE agent and server |
|
||||
| authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into |
|
||||
| authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration |
|
||||
| authentication.mutual.spire.install.server.annotations | object | `{}` | SPIRE server annotations |
|
||||
@@ -182,7 +182,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. |
|
||||
| clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. |
|
||||
| clustermesh.apiserver.healthPort | int | `9880` | TCP port for the clustermesh-apiserver health API. |
|
||||
| clustermesh.apiserver.image | object | `{"digest":"sha256:37a7fdbef806b78ef63df9f1a9828fdddbf548d1f0e43b8eb10a6bdc8fa03958","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.16.5","useDigest":true}` | Clustermesh API server image. |
|
||||
| clustermesh.apiserver.image | object | `{"digest":"sha256:ab2070ea48a52a55d961b81b7b5fbac7d40a3f428be9b1b6b9071d47f194456a","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.16.6","useDigest":true}` | Clustermesh API server image. |
|
||||
| clustermesh.apiserver.kvstoremesh.enabled | bool | `true` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. |
|
||||
| clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. |
|
||||
| clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. |
|
||||
@@ -353,7 +353,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| envoy.extraVolumes | list | `[]` | Additional envoy volumes. |
|
||||
| envoy.healthPort | int | `9878` | TCP port for the health API. |
|
||||
| envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s |
|
||||
| envoy.image | object | `{"digest":"sha256:709c08ade3d17d52da4ca2af33f431360ec26268d288d9a6cd1d98acc9a1dced","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.30.8-1733837904-eaae5aca0fb988583e5617170a65ac5aa51c0aa8","useDigest":true}` | Envoy container image. |
|
||||
| envoy.image | object | `{"digest":"sha256:a69dfe0e54b24b0ff747385c8feeae0612cfbcae97bfcc8ee42a773bb3f69c88","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.30.9-1737073743-40a016d11c0d863b772961ed0168eea6fe6b10a5","useDigest":true}` | Envoy container image. |
|
||||
| envoy.initialFetchTimeoutSeconds | int | `30` | Time in seconds after which the initial fetch on an xDS stream is considered timed out |
|
||||
| envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe |
|
||||
| envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe |
|
||||
@@ -485,7 +485,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. |
|
||||
| hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay |
|
||||
| hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay |
|
||||
| hubble.relay.image | object | `{"digest":"sha256:6cfae1d1afa566ba941f03d4d7e141feddd05260e5cd0a1509aba1890a45ef00","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.16.5","useDigest":true}` | Hubble-relay container image. |
|
||||
| hubble.relay.image | object | `{"digest":"sha256:ca8dcaa5a81a37743b1397ba2221d16d5d63e4a47607584f1bf50a3b0882bf3b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.16.6","useDigest":true}` | Hubble-relay container image. |
|
||||
| hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. |
|
||||
| hubble.relay.listenPort | string | `"4245"` | Port to listen to. |
|
||||
| hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
|
||||
@@ -591,7 +591,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. |
|
||||
| identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd` or `kvstore`). |
|
||||
| identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. |
|
||||
| image | object | `{"digest":"sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.5","useDigest":true}` | Agent container image. |
|
||||
| image | object | `{"digest":"sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.6","useDigest":true}` | Agent container image. |
|
||||
| imagePullSecrets | list | `[]` | Configure image pull secrets for pulling container images |
|
||||
| ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set |
|
||||
| ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. |
|
||||
@@ -718,7 +718,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| operator.hostNetwork | bool | `true` | HostNetwork setting |
|
||||
| operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. |
|
||||
| operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. |
|
||||
| operator.image | object | `{"alibabacloudDigest":"sha256:c0edf4c8d089e76d6565d3c57128b98bc6c73d14bb4590126ee746aeaedba5e0","awsDigest":"sha256:97e1fe0c2b522583033138eb10c170919d8de49d2788ceefdcff229a92210476","azureDigest":"sha256:265e2b78f572c76b523f91757083ea5f0b9b73b82f2d9714e5a8fb848e4048f9","genericDigest":"sha256:f7884848483bbcd7b1e0ccfd34ba4546f258b460cb4b7e2f06a1bcc96ef88039","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.16.5","useDigest":true}` | cilium-operator image. |
|
||||
| operator.image | object | `{"alibabacloudDigest":"sha256:0e3c7fbcb6bde9a247cd2dd3d25230e2859d40d2eb58aba6265a2aab216775a9","awsDigest":"sha256:d11ee1cfa3465defe2df7ec1c6e8a77bcaf280b44d2c61aa7496c58b29550f6d","azureDigest":"sha256:0a05d7aea760923897aabd715213ab11a706051673d41fab3874a37f897c1bdd","genericDigest":"sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.16.6","useDigest":true}` | cilium-operator image. |
|
||||
| operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. |
|
||||
| operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
|
||||
| operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods |
|
||||
@@ -768,7 +768,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| preflight.extraEnv | list | `[]` | Additional preflight environment variables. |
|
||||
| preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. |
|
||||
| preflight.extraVolumes | list | `[]` | Additional preflight volumes. |
|
||||
| preflight.image | object | `{"digest":"sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.5","useDigest":true}` | Cilium pre-flight image. |
|
||||
| preflight.image | object | `{"digest":"sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.6","useDigest":true}` | Cilium pre-flight image. |
|
||||
| preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
|
||||
| preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods |
|
||||
| preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
|
||||
|
||||
@@ -1,471 +0,0 @@
|
||||
{
|
||||
"node": {
|
||||
"id": "host~127.0.0.1~no-id~localdomain",
|
||||
"cluster": "ingress-cluster"
|
||||
},
|
||||
"staticResources": {
|
||||
"listeners": [
|
||||
{{- if .Values.envoy.prometheus.enabled }}
|
||||
{
|
||||
"name": "envoy-prometheus-metrics-listener",
|
||||
"address": {
|
||||
"socket_address": {
|
||||
"address": "0.0.0.0",
|
||||
"port_value": {{ .Values.envoy.prometheus.port }}
|
||||
}
|
||||
},
|
||||
"filter_chains": [
|
||||
{
|
||||
"filters": [
|
||||
{
|
||||
"name": "envoy.filters.network.http_connection_manager",
|
||||
"typed_config": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
|
||||
"stat_prefix": "envoy-prometheus-metrics-listener",
|
||||
"route_config": {
|
||||
"virtual_hosts": [
|
||||
{
|
||||
"name": "prometheus_metrics_route",
|
||||
"domains": [
|
||||
"*"
|
||||
],
|
||||
"routes": [
|
||||
{
|
||||
"name": "prometheus_metrics_route",
|
||||
"match": {
|
||||
"prefix": "/metrics"
|
||||
},
|
||||
"route": {
|
||||
"cluster": "/envoy-admin",
|
||||
"prefix_rewrite": "/stats/prometheus"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"http_filters": [
|
||||
{
|
||||
"name": "envoy.filters.http.router",
|
||||
"typed_config": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
|
||||
}
|
||||
}
|
||||
],
|
||||
"internal_address_config": {
|
||||
"cidr_ranges": [
|
||||
{
|
||||
"address_prefix": "10.0.0.0",
|
||||
"prefix_len": 8
|
||||
},
|
||||
{
|
||||
"address_prefix": "172.16.0.0",
|
||||
"prefix_len": 12
|
||||
},
|
||||
{
|
||||
"address_prefix": "192.168.0.0",
|
||||
"prefix_len": 16
|
||||
},
|
||||
{
|
||||
"address_prefix": "127.0.0.1",
|
||||
"prefix_len": 32
|
||||
},
|
||||
{
|
||||
"address_prefix": "::1",
|
||||
"prefix_len": 128
|
||||
}
|
||||
]
|
||||
},
|
||||
"stream_idle_timeout": "0s"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{{- end }}
|
||||
{{- if and .Values.envoy.debug.admin.enabled }}
|
||||
{
|
||||
"name": "envoy-admin-listener",
|
||||
"address": {
|
||||
"socket_address": {
|
||||
"address": {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }},
|
||||
"port_value": {{ .Values.envoy.debug.admin.port }}
|
||||
}
|
||||
},
|
||||
{{- if and .Values.ipv4.enabled .Values.ipv6.enabled }}
|
||||
"additional_addresses": [
|
||||
{
|
||||
"address": {
|
||||
"socket_address": {
|
||||
"address": "::1",
|
||||
"port_value": {{ .Values.envoy.debug.admin.port }}
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
{{- end }}
|
||||
"filter_chains": [
|
||||
{
|
||||
"filters": [
|
||||
{
|
||||
"name": "envoy.filters.network.http_connection_manager",
|
||||
"typed_config": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
|
||||
"stat_prefix": "envoy-admin-listener",
|
||||
"route_config": {
|
||||
"virtual_hosts": [
|
||||
{
|
||||
"name": "admin_route",
|
||||
"domains": [
|
||||
"*"
|
||||
],
|
||||
"routes": [
|
||||
{
|
||||
"name": "admin_route",
|
||||
"match": {
|
||||
"prefix": "/"
|
||||
},
|
||||
"route": {
|
||||
"cluster": "/envoy-admin",
|
||||
"prefix_rewrite": "/"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"http_filters": [
|
||||
{
|
||||
"name": "envoy.filters.http.router",
|
||||
"typed_config": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
|
||||
}
|
||||
}
|
||||
],
|
||||
"internal_address_config": {
|
||||
"cidr_ranges": [
|
||||
{
|
||||
"address_prefix": "10.0.0.0",
|
||||
"prefix_len": 8
|
||||
},
|
||||
{
|
||||
"address_prefix": "172.16.0.0",
|
||||
"prefix_len": 12
|
||||
},
|
||||
{
|
||||
"address_prefix": "192.168.0.0",
|
||||
"prefix_len": 16
|
||||
},
|
||||
{
|
||||
"address_prefix": "127.0.0.1",
|
||||
"prefix_len": 32
|
||||
},
|
||||
{
|
||||
"address_prefix": "::1",
|
||||
"prefix_len": 128
|
||||
}
|
||||
]
|
||||
},
|
||||
"stream_idle_timeout": "0s"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{{- end }}
|
||||
{
|
||||
"name": "envoy-health-listener",
|
||||
"address": {
|
||||
"socket_address": {
|
||||
"address": {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }},
|
||||
"port_value": {{ .Values.envoy.healthPort }}
|
||||
}
|
||||
},
|
||||
{{- if and .Values.ipv4.enabled .Values.ipv6.enabled }}
|
||||
"additional_addresses": [
|
||||
{
|
||||
"address": {
|
||||
"socket_address": {
|
||||
"address": "::1",
|
||||
"port_value": {{ .Values.envoy.healthPort }}
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
{{- end }}
|
||||
"filter_chains": [
|
||||
{
|
||||
"filters": [
|
||||
{
|
||||
"name": "envoy.filters.network.http_connection_manager",
|
||||
"typed_config": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
|
||||
"stat_prefix": "envoy-health-listener",
|
||||
"route_config": {
|
||||
"virtual_hosts": [
|
||||
{
|
||||
"name": "health",
|
||||
"domains": [
|
||||
"*"
|
||||
],
|
||||
"routes": [
|
||||
{
|
||||
"name": "health",
|
||||
"match": {
|
||||
"prefix": "/healthz"
|
||||
},
|
||||
"route": {
|
||||
"cluster": "/envoy-admin",
|
||||
"prefix_rewrite": "/ready"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"http_filters": [
|
||||
{
|
||||
"name": "envoy.filters.http.router",
|
||||
"typed_config": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
|
||||
}
|
||||
}
|
||||
],
|
||||
"internal_address_config": {
|
||||
"cidr_ranges": [
|
||||
{
|
||||
"address_prefix": "10.0.0.0",
|
||||
"prefix_len": 8
|
||||
},
|
||||
{
|
||||
"address_prefix": "172.16.0.0",
|
||||
"prefix_len": 12
|
||||
},
|
||||
{
|
||||
"address_prefix": "192.168.0.0",
|
||||
"prefix_len": 16
|
||||
},
|
||||
{
|
||||
"address_prefix": "127.0.0.1",
|
||||
"prefix_len": 32
|
||||
},
|
||||
{
|
||||
"address_prefix": "::1",
|
||||
"prefix_len": 128
|
||||
}
|
||||
]
|
||||
},
|
||||
"stream_idle_timeout": "0s"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"clusters": [
|
||||
{
|
||||
"name": "ingress-cluster",
|
||||
"type": "ORIGINAL_DST",
|
||||
"connectTimeout": "{{ .Values.envoy.connectTimeoutSeconds }}s",
|
||||
"lbPolicy": "CLUSTER_PROVIDED",
|
||||
"typedExtensionProtocolOptions": {
|
||||
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
|
||||
"commonHttpProtocolOptions": {
|
||||
"idleTimeout": "{{ .Values.envoy.idleTimeoutDurationSeconds }}s",
|
||||
"maxConnectionDuration": "{{ .Values.envoy.maxConnectionDurationSeconds }}s",
|
||||
"maxRequestsPerConnection": {{ .Values.envoy.maxRequestsPerConnection }}
|
||||
},
|
||||
"useDownstreamProtocolConfig": {}
|
||||
}
|
||||
},
|
||||
"cleanupInterval": "{{ .Values.envoy.connectTimeoutSeconds }}.500s"
|
||||
},
|
||||
{
|
||||
"name": "egress-cluster-tls",
|
||||
"type": "ORIGINAL_DST",
|
||||
"connectTimeout": "{{ .Values.envoy.connectTimeoutSeconds }}s",
|
||||
"lbPolicy": "CLUSTER_PROVIDED",
|
||||
"typedExtensionProtocolOptions": {
|
||||
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
|
||||
"commonHttpProtocolOptions": {
|
||||
"idleTimeout": "{{ .Values.envoy.idleTimeoutDurationSeconds }}s",
|
||||
"maxConnectionDuration": "{{ .Values.envoy.maxConnectionDurationSeconds }}s",
|
||||
"maxRequestsPerConnection": {{ .Values.envoy.maxRequestsPerConnection }}
|
||||
},
|
||||
"upstreamHttpProtocolOptions": {},
|
||||
"useDownstreamProtocolConfig": {}
|
||||
}
|
||||
},
|
||||
"cleanupInterval": "{{ .Values.envoy.connectTimeoutSeconds }}.500s",
|
||||
"transportSocket": {
|
||||
"name": "cilium.tls_wrapper",
|
||||
"typedConfig": {
|
||||
"@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "egress-cluster",
|
||||
"type": "ORIGINAL_DST",
|
||||
"connectTimeout": "{{ .Values.envoy.connectTimeoutSeconds }}s",
|
||||
"lbPolicy": "CLUSTER_PROVIDED",
|
||||
"typedExtensionProtocolOptions": {
|
||||
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
|
||||
"commonHttpProtocolOptions": {
|
||||
"idleTimeout": "{{ .Values.envoy.idleTimeoutDurationSeconds }}s",
|
||||
"maxConnectionDuration": "{{ .Values.envoy.maxConnectionDurationSeconds }}s",
|
||||
"maxRequestsPerConnection": {{ .Values.envoy.maxRequestsPerConnection }}
|
||||
},
|
||||
"useDownstreamProtocolConfig": {}
|
||||
}
|
||||
},
|
||||
"cleanupInterval": "{{ .Values.envoy.connectTimeoutSeconds }}.500s"
|
||||
},
|
||||
{
|
||||
"name": "ingress-cluster-tls",
|
||||
"type": "ORIGINAL_DST",
|
||||
"connectTimeout": "{{ .Values.envoy.connectTimeoutSeconds }}s",
|
||||
"lbPolicy": "CLUSTER_PROVIDED",
|
||||
"typedExtensionProtocolOptions": {
|
||||
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
|
||||
"commonHttpProtocolOptions": {
|
||||
"idleTimeout": "{{ .Values.envoy.idleTimeoutDurationSeconds }}s",
|
||||
"maxConnectionDuration": "{{ .Values.envoy.maxConnectionDurationSeconds }}s",
|
||||
"maxRequestsPerConnection": {{ .Values.envoy.maxRequestsPerConnection }}
|
||||
},
|
||||
"upstreamHttpProtocolOptions": {},
|
||||
"useDownstreamProtocolConfig": {}
|
||||
}
|
||||
},
|
||||
"cleanupInterval": "{{ .Values.envoy.connectTimeoutSeconds }}.500s",
|
||||
"transportSocket": {
|
||||
"name": "cilium.tls_wrapper",
|
||||
"typedConfig": {
|
||||
"@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "xds-grpc-cilium",
|
||||
"type": "STATIC",
|
||||
"connectTimeout": "{{ .Values.envoy.connectTimeoutSeconds }}s",
|
||||
"loadAssignment": {
|
||||
"clusterName": "xds-grpc-cilium",
|
||||
"endpoints": [
|
||||
{
|
||||
"lbEndpoints": [
|
||||
{
|
||||
"endpoint": {
|
||||
"address": {
|
||||
"pipe": {
|
||||
"path": "/var/run/cilium/envoy/sockets/xds.sock"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"typedExtensionProtocolOptions": {
|
||||
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
|
||||
"explicitHttpConfig": {
|
||||
"http2ProtocolOptions": {}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "/envoy-admin",
|
||||
"type": "STATIC",
|
||||
"connectTimeout": "{{ .Values.envoy.connectTimeoutSeconds }}s",
|
||||
"loadAssignment": {
|
||||
"clusterName": "/envoy-admin",
|
||||
"endpoints": [
|
||||
{
|
||||
"lbEndpoints": [
|
||||
{
|
||||
"endpoint": {
|
||||
"address": {
|
||||
"pipe": {
|
||||
"path": "/var/run/cilium/envoy/sockets/admin.sock"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"dynamicResources": {
|
||||
"ldsConfig": {
|
||||
"initialFetchTimeout": "{{ .Values.envoy.initialFetchTimeoutSeconds }}s",
|
||||
"apiConfigSource": {
|
||||
"apiType": "GRPC",
|
||||
"transportApiVersion": "V3",
|
||||
"grpcServices": [
|
||||
{
|
||||
"envoyGrpc": {
|
||||
"clusterName": "xds-grpc-cilium"
|
||||
}
|
||||
}
|
||||
],
|
||||
"setNodeOnFirstMessageOnly": true
|
||||
},
|
||||
"resourceApiVersion": "V3"
|
||||
},
|
||||
"cdsConfig": {
|
||||
"initialFetchTimeout": "{{ .Values.envoy.initialFetchTimeoutSeconds }}s",
|
||||
"apiConfigSource": {
|
||||
"apiType": "GRPC",
|
||||
"transportApiVersion": "V3",
|
||||
"grpcServices": [
|
||||
{
|
||||
"envoyGrpc": {
|
||||
"clusterName": "xds-grpc-cilium"
|
||||
}
|
||||
}
|
||||
],
|
||||
"setNodeOnFirstMessageOnly": true
|
||||
},
|
||||
"resourceApiVersion": "V3"
|
||||
}
|
||||
},
|
||||
"bootstrapExtensions": [
|
||||
{
|
||||
"name": "envoy.bootstrap.internal_listener",
|
||||
"typed_config": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener"
|
||||
}
|
||||
}
|
||||
],
|
||||
"overload_manager": {
|
||||
"resource_monitors": [
|
||||
{
|
||||
"name": "envoy.resource_monitors.global_downstream_max_connections",
|
||||
"typed_config": {
|
||||
"@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig",
|
||||
"max_active_downstream_connections": "50000"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"admin": {
|
||||
"address": {
|
||||
"pipe": {
|
||||
"path": "/var/run/cilium/envoy/sockets/admin.sock"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,280 @@
|
||||
node:
|
||||
id: "host~127.0.0.1~no-id~localdomain"
|
||||
cluster: "ingress-cluster"
|
||||
staticResources:
|
||||
listeners:
|
||||
{{- if .Values.envoy.prometheus.enabled }}
|
||||
- name: "envoy-prometheus-metrics-listener"
|
||||
address:
|
||||
socketAddress:
|
||||
address: "0.0.0.0"
|
||||
portValue: {{ .Values.envoy.prometheus.port }}
|
||||
filterChains:
|
||||
- filters:
|
||||
- name: "envoy.filters.network.http_connection_manager"
|
||||
typedConfig:
|
||||
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
|
||||
statPrefix: "envoy-prometheus-metrics-listener"
|
||||
routeConfig:
|
||||
virtualHosts:
|
||||
- name: "prometheus_metrics_route"
|
||||
domains:
|
||||
- "*"
|
||||
routes:
|
||||
- name: "prometheus_metrics_route"
|
||||
match:
|
||||
prefix: "/metrics"
|
||||
route:
|
||||
cluster: "/envoy-admin"
|
||||
prefixRewrite: "/stats/prometheus"
|
||||
httpFilters:
|
||||
- name: "envoy.filters.http.router"
|
||||
typedConfig:
|
||||
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
|
||||
internalAddressConfig:
|
||||
cidrRanges:
|
||||
{{- if .Values.ipv4.enabled }}
|
||||
- addressPrefix: "10.0.0.0"
|
||||
prefixLen: 8
|
||||
- addressPrefix: "172.16.0.0"
|
||||
prefixLen: 12
|
||||
- addressPrefix: "192.168.0.0"
|
||||
prefixLen: 16
|
||||
- addressPrefix: "127.0.0.1"
|
||||
prefixLen: 32
|
||||
{{- end }}
|
||||
{{- if .Values.ipv6.enabled }}
|
||||
- addressPrefix: "::1"
|
||||
prefixLen: 128
|
||||
{{- end }}
|
||||
streamIdleTimeout: "0s"
|
||||
{{- end }}
|
||||
{{- if and .Values.envoy.debug.admin.enabled }}
|
||||
- name: "envoy-admin-listener"
|
||||
address:
|
||||
socketAddress:
|
||||
address: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }}
|
||||
portValue: {{ .Values.envoy.debug.admin.port }}
|
||||
{{- if and .Values.ipv4.enabled .Values.ipv6.enabled }}
|
||||
additionalAddresses:
|
||||
- address:
|
||||
socketAddress:
|
||||
address: "::1"
|
||||
portValue: {{ .Values.envoy.debug.admin.port }}
|
||||
{{- end }}
|
||||
filterChains:
|
||||
- filters:
|
||||
- name: "envoy.filters.network.http_connection_manager"
|
||||
typedConfig:
|
||||
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
|
||||
statPrefix: "envoy-admin-listener"
|
||||
routeConfig:
|
||||
virtual_hosts:
|
||||
- name: "admin_route"
|
||||
domains:
|
||||
- "*"
|
||||
routes:
|
||||
- name: "admin_route"
|
||||
match:
|
||||
prefix: "/"
|
||||
route:
|
||||
cluster: "/envoy-admin"
|
||||
prefixRewrite: "/"
|
||||
httpFilters:
|
||||
- name: "envoy.filters.http.router"
|
||||
typedConfig:
|
||||
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
|
||||
internalAddressConfig:
|
||||
cidrRanges:
|
||||
{{- if .Values.ipv4.enabled }}
|
||||
- addressPrefix: "10.0.0.0"
|
||||
prefixLen: 8
|
||||
- addressPrefix: "172.16.0.0"
|
||||
prefixLen: 12
|
||||
- addressPrefix: "192.168.0.0"
|
||||
prefixLen: 16
|
||||
- addressPrefix: "127.0.0.1"
|
||||
prefixLen: 32
|
||||
{{- end }}
|
||||
{{- if .Values.ipv6.enabled }}
|
||||
- addressPrefix: "::1"
|
||||
prefixLen: 128
|
||||
{{- end }}
|
||||
streamIdleTimeout: "0s"
|
||||
{{- end }}
|
||||
- name: "envoy-health-listener"
|
||||
address:
|
||||
socketAddress:
|
||||
address: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }}
|
||||
portValue: {{ .Values.envoy.healthPort }}
|
||||
{{- if and .Values.ipv4.enabled .Values.ipv6.enabled }}
|
||||
additionalAddresses:
|
||||
- address:
|
||||
socketAddress:
|
||||
address: "::1"
|
||||
portValue: {{ .Values.envoy.healthPort }}
|
||||
{{- end }}
|
||||
filterChains:
|
||||
- filters:
|
||||
- name: "envoy.filters.network.http_connection_manager"
|
||||
typedConfig:
|
||||
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
|
||||
statPrefix: "envoy-health-listener"
|
||||
routeConfig:
|
||||
virtual_hosts:
|
||||
- name: "health"
|
||||
domains:
|
||||
- "*"
|
||||
routes:
|
||||
- name: "health"
|
||||
match:
|
||||
prefix: "/healthz"
|
||||
route:
|
||||
cluster: "/envoy-admin"
|
||||
prefixRewrite: "/ready"
|
||||
httpFilters:
|
||||
- name: "envoy.filters.http.router"
|
||||
typedConfig:
|
||||
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
|
||||
internalAddressConfig:
|
||||
cidrRanges:
|
||||
{{- if .Values.ipv4.enabled }}
|
||||
- addressPrefix: "10.0.0.0"
|
||||
prefixLen: 8
|
||||
- addressPrefix: "172.16.0.0"
|
||||
prefixLen: 12
|
||||
- addressPrefix: "192.168.0.0"
|
||||
prefixLen: 16
|
||||
- addressPrefix: "127.0.0.1"
|
||||
prefixLen: 32
|
||||
{{- end }}
|
||||
{{- if .Values.ipv6.enabled }}
|
||||
- addressPrefix: "::1"
|
||||
prefixLen: 128
|
||||
{{- end }}
|
||||
streamIdleTimeout: "0s"
|
||||
clusters:
|
||||
- name: "ingress-cluster"
|
||||
type: "ORIGINAL_DST"
|
||||
connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
|
||||
lbPolicy: "CLUSTER_PROVIDED"
|
||||
typedExtensionProtocolOptions:
|
||||
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
|
||||
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
|
||||
commonHttpProtocolOptions:
|
||||
idleTimeout: "{{ .Values.envoy.idleTimeoutDurationSeconds }}s"
|
||||
maxConnectionDuration: "{{ .Values.envoy.maxConnectionDurationSeconds }}s"
|
||||
maxRequestsPerConnection: {{ .Values.envoy.maxRequestsPerConnection }}
|
||||
useDownstreamProtocolConfig: {}
|
||||
cleanupInterval: "{{ .Values.envoy.connectTimeoutSeconds }}.500s"
|
||||
- name: "egress-cluster-tls"
|
||||
type: "ORIGINAL_DST"
|
||||
connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
|
||||
lbPolicy: "CLUSTER_PROVIDED"
|
||||
typedExtensionProtocolOptions:
|
||||
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
|
||||
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
|
||||
commonHttpProtocolOptions:
|
||||
idleTimeout: "{{ .Values.envoy.idleTimeoutDurationSeconds }}s"
|
||||
maxConnectionDuration: "{{ .Values.envoy.maxConnectionDurationSeconds }}s"
|
||||
maxRequestsPerConnection: {{ .Values.envoy.maxRequestsPerConnection }}
|
||||
upstreamHttpProtocolOptions: {}
|
||||
useDownstreamProtocolConfig: {}
|
||||
cleanupInterval: "{{ .Values.envoy.connectTimeoutSeconds }}.500s"
|
||||
transportSocket:
|
||||
name: "cilium.tls_wrapper"
|
||||
typedConfig:
|
||||
"@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
|
||||
- name: "egress-cluster"
|
||||
type: "ORIGINAL_DST"
|
||||
connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
|
||||
lbPolicy: "CLUSTER_PROVIDED"
|
||||
typedExtensionProtocolOptions:
|
||||
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
|
||||
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
|
||||
commonHttpProtocolOptions:
|
||||
idleTimeout: "{{ .Values.envoy.idleTimeoutDurationSeconds }}s"
|
||||
maxConnectionDuration: "{{ .Values.envoy.maxConnectionDurationSeconds }}s"
|
||||
maxRequestsPerConnection: {{ .Values.envoy.maxRequestsPerConnection }}
|
||||
useDownstreamProtocolConfig: {}
|
||||
cleanupInterval: "{{ .Values.envoy.connectTimeoutSeconds }}.500s"
|
||||
- name: "ingress-cluster-tls"
|
||||
type: "ORIGINAL_DST"
|
||||
connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
|
||||
lbPolicy: "CLUSTER_PROVIDED"
|
||||
typedExtensionProtocolOptions:
|
||||
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
|
||||
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
|
||||
commonHttpProtocolOptions:
|
||||
idleTimeout: "{{ .Values.envoy.idleTimeoutDurationSeconds }}s"
|
||||
maxConnectionDuration: "{{ .Values.envoy.maxConnectionDurationSeconds }}s"
|
||||
maxRequestsPerConnection: {{ .Values.envoy.maxRequestsPerConnection }}
|
||||
upstreamHttpProtocolOptions: {}
|
||||
useDownstreamProtocolConfig: {}
|
||||
cleanupInterval: "{{ .Values.envoy.connectTimeoutSeconds }}.500s"
|
||||
transportSocket:
|
||||
name: "cilium.tls_wrapper"
|
||||
typedConfig:
|
||||
"@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
|
||||
- name: "xds-grpc-cilium"
|
||||
type: "STATIC"
|
||||
connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
|
||||
loadAssignment:
|
||||
clusterName: "xds-grpc-cilium"
|
||||
endpoints:
|
||||
- lbEndpoints:
|
||||
- endpoint:
|
||||
address:
|
||||
pipe:
|
||||
path: "/var/run/cilium/envoy/sockets/xds.sock"
|
||||
typedExtensionProtocolOptions:
|
||||
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
|
||||
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
|
||||
explicitHttpConfig:
|
||||
http2ProtocolOptions: {}
|
||||
- name: "/envoy-admin"
|
||||
type: "STATIC"
|
||||
connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
|
||||
loadAssignment:
|
||||
clusterName: "/envoy-admin"
|
||||
endpoints:
|
||||
- lbEndpoints:
|
||||
- endpoint:
|
||||
address:
|
||||
pipe:
|
||||
path: "/var/run/cilium/envoy/sockets/admin.sock"
|
||||
dynamicResources:
|
||||
ldsConfig:
|
||||
initialFetchTimeout: "{{ .Values.envoy.initialFetchTimeoutSeconds }}s"
|
||||
apiConfigSource:
|
||||
apiType: "GRPC"
|
||||
transportApiVersion: "V3"
|
||||
grpcServices:
|
||||
- envoyGrpc:
|
||||
clusterName: "xds-grpc-cilium"
|
||||
setNodeOnFirstMessageOnly: true
|
||||
resourceApiVersion: "V3"
|
||||
cdsConfig:
|
||||
initialFetchTimeout: "{{ .Values.envoy.initialFetchTimeoutSeconds }}s"
|
||||
apiConfigSource:
|
||||
apiType: "GRPC"
|
||||
transportApiVersion: "V3"
|
||||
grpcServices:
|
||||
- envoyGrpc:
|
||||
clusterName: "xds-grpc-cilium"
|
||||
setNodeOnFirstMessageOnly: true
|
||||
resourceApiVersion: "V3"
|
||||
bootstrapExtensions:
|
||||
- name: "envoy.bootstrap.internal_listener"
|
||||
typedConfig:
|
||||
"@type": "type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener"
|
||||
overloadManager:
|
||||
resourceMonitors:
|
||||
- name: "envoy.resource_monitors.global_downstream_max_connections"
|
||||
typedConfig:
|
||||
"@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig"
|
||||
max_active_downstream_connections: "50000"
|
||||
admin:
|
||||
address:
|
||||
pipe:
|
||||
path: "/var/run/cilium/envoy/sockets/admin.sock"
|
||||
@@ -315,13 +315,9 @@ spec:
|
||||
{{- end}}
|
||||
- name: cilium-run
|
||||
mountPath: /var/run/cilium
|
||||
{{- /* mount the directory if socketLB.enabled is true and socketLB.terminatePodConnections is not explicitly set to false */ -}}
|
||||
{{- if or (and (kindIs "invalid" .Values.socketLB.terminatePodConnections) .Values.socketLB.enabled)
|
||||
(and .Values.socketLB.enabled .Values.socketLB.terminatePodConnections) }}
|
||||
- name: cilium-netns
|
||||
mountPath: /var/run/cilium/netns
|
||||
mountPropagation: HostToContainer
|
||||
{{- end}}
|
||||
- name: etc-cni-netd
|
||||
mountPath: {{ .Values.cni.hostConfDirMountPath }}
|
||||
{{- if .Values.etcd.enabled }}
|
||||
@@ -797,14 +793,11 @@ spec:
|
||||
hostPath:
|
||||
path: {{ .Values.daemon.runPath }}
|
||||
type: DirectoryOrCreate
|
||||
{{- if or (and (kindIs "invalid" .Values.socketLB.terminatePodConnections) .Values.socketLB.enabled)
|
||||
(and .Values.socketLB.enabled .Values.socketLB.terminatePodConnections) }}
|
||||
# To exec into pod network namespaces
|
||||
- name: cilium-netns
|
||||
hostPath:
|
||||
path: /var/run/netns
|
||||
type: DirectoryOrCreate
|
||||
{{- end }}
|
||||
{{- if .Values.bpf.autoMount.enabled }}
|
||||
# To keep state between restarts / upgrades for bpf maps
|
||||
- name: bpf-maps
|
||||
|
||||
@@ -513,10 +513,10 @@ data:
|
||||
subnet-ids-filter: {{ .Values.eni.subnetIDsFilter | join " " | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.eni.subnetTagsFilter }}
|
||||
subnet-tags-filter: {{ .Values.eni.subnetTagsFilter | join " " | quote }}
|
||||
subnet-tags-filter: {{ .Values.eni.subnetTagsFilter | join "," | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.eni.instanceTagsFilter }}
|
||||
instance-tags-filter: {{ .Values.eni.instanceTagsFilter | join " " | quote }}
|
||||
instance-tags-filter: {{ .Values.eni.instanceTagsFilter | join "," | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ if .Values.eni.gcInterval }}
|
||||
@@ -718,8 +718,6 @@ data:
|
||||
{{- end }}
|
||||
{{- if hasKey $socketLB "terminatePodConnections" }}
|
||||
bpf-lb-sock-terminate-pod-connections: {{ $socketLB.terminatePodConnections | quote }}
|
||||
{{- else if hasKey $socketLB "enabled" }}
|
||||
bpf-lb-sock-terminate-pod-connections: {{ $socketLB.enabled | quote }}
|
||||
{{- end }}
|
||||
{{- if hasKey $socketLB "tracing" }}
|
||||
trace-sock: {{ $socketLB.tracing | quote }}
|
||||
|
||||
@@ -12,6 +12,7 @@ metadata:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
data:
|
||||
{{- (tpl (.Files.Glob "files/cilium-envoy/configmap/bootstrap-config.json").AsConfig .) | nindent 2 }}
|
||||
|
||||
# Keep the key name as bootstrap-config.json to avoid breaking changes
|
||||
bootstrap-config.json: |
|
||||
{{- (tpl (.Files.Get "files/cilium-envoy/configmap/bootstrap-config.yaml") .) | fromYaml | toJson | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -13,24 +13,12 @@ server {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
# CORS
|
||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, HEAD, DELETE, OPTIONS";
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Max-Age 1728000;
|
||||
add_header Access-Control-Expose-Headers content-length,grpc-status,grpc-message;
|
||||
add_header Access-Control-Allow-Headers range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
# /CORS
|
||||
|
||||
location {{ .Values.hubble.ui.baseUrl }}api {
|
||||
{{- if not (eq .Values.hubble.ui.baseUrl "/") }}
|
||||
rewrite ^{{ (trimSuffix "/" .Values.hubble.ui.baseUrl) }}(/.*)$ $1 break;
|
||||
{{- end }}
|
||||
proxy_http_version 1.1;
|
||||
proxy_pass_request_headers on;
|
||||
proxy_hide_header Access-Control-Allow-Origin;
|
||||
{{- if eq .Values.hubble.ui.baseUrl "/" }}
|
||||
proxy_pass http://127.0.0.1:8090;
|
||||
{{- else }}
|
||||
|
||||
@@ -153,10 +153,10 @@ image:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/cilium"
|
||||
tag: "v1.16.5"
|
||||
tag: "v1.16.6"
|
||||
pullPolicy: "IfNotPresent"
|
||||
# cilium-digest
|
||||
digest: "sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d"
|
||||
digest: "sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da"
|
||||
useDigest: true
|
||||
# -- Affinity for cilium-agent.
|
||||
affinity:
|
||||
@@ -1314,9 +1314,9 @@ hubble:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/hubble-relay"
|
||||
tag: "v1.16.5"
|
||||
tag: "v1.16.6"
|
||||
# hubble-relay-digest
|
||||
digest: "sha256:6cfae1d1afa566ba941f03d4d7e141feddd05260e5cd0a1509aba1890a45ef00"
|
||||
digest: "sha256:ca8dcaa5a81a37743b1397ba2221d16d5d63e4a47607584f1bf50a3b0882bf3b"
|
||||
useDigest: true
|
||||
pullPolicy: "IfNotPresent"
|
||||
# -- Specifies the resources for the hubble-relay pods
|
||||
@@ -2165,9 +2165,9 @@ envoy:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/cilium-envoy"
|
||||
tag: "v1.30.8-1733837904-eaae5aca0fb988583e5617170a65ac5aa51c0aa8"
|
||||
tag: "v1.30.9-1737073743-40a016d11c0d863b772961ed0168eea6fe6b10a5"
|
||||
pullPolicy: "IfNotPresent"
|
||||
digest: "sha256:709c08ade3d17d52da4ca2af33f431360ec26268d288d9a6cd1d98acc9a1dced"
|
||||
digest: "sha256:a69dfe0e54b24b0ff747385c8feeae0612cfbcae97bfcc8ee42a773bb3f69c88"
|
||||
useDigest: true
|
||||
# -- Additional containers added to the cilium Envoy DaemonSet.
|
||||
extraContainers: []
|
||||
@@ -2480,15 +2480,15 @@ operator:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/operator"
|
||||
tag: "v1.16.5"
|
||||
tag: "v1.16.6"
|
||||
# operator-generic-digest
|
||||
genericDigest: "sha256:f7884848483bbcd7b1e0ccfd34ba4546f258b460cb4b7e2f06a1bcc96ef88039"
|
||||
genericDigest: "sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc"
|
||||
# operator-azure-digest
|
||||
azureDigest: "sha256:265e2b78f572c76b523f91757083ea5f0b9b73b82f2d9714e5a8fb848e4048f9"
|
||||
azureDigest: "sha256:0a05d7aea760923897aabd715213ab11a706051673d41fab3874a37f897c1bdd"
|
||||
# operator-aws-digest
|
||||
awsDigest: "sha256:97e1fe0c2b522583033138eb10c170919d8de49d2788ceefdcff229a92210476"
|
||||
awsDigest: "sha256:d11ee1cfa3465defe2df7ec1c6e8a77bcaf280b44d2c61aa7496c58b29550f6d"
|
||||
# operator-alibabacloud-digest
|
||||
alibabacloudDigest: "sha256:c0edf4c8d089e76d6565d3c57128b98bc6c73d14bb4590126ee746aeaedba5e0"
|
||||
alibabacloudDigest: "sha256:0e3c7fbcb6bde9a247cd2dd3d25230e2859d40d2eb58aba6265a2aab216775a9"
|
||||
useDigest: true
|
||||
pullPolicy: "IfNotPresent"
|
||||
suffix: ""
|
||||
@@ -2762,9 +2762,9 @@ preflight:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/cilium"
|
||||
tag: "v1.16.5"
|
||||
tag: "v1.16.6"
|
||||
# cilium-digest
|
||||
digest: "sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d"
|
||||
digest: "sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da"
|
||||
useDigest: true
|
||||
pullPolicy: "IfNotPresent"
|
||||
# -- The priority class to use for the preflight pod.
|
||||
@@ -2911,9 +2911,9 @@ clustermesh:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/clustermesh-apiserver"
|
||||
tag: "v1.16.5"
|
||||
tag: "v1.16.6"
|
||||
# clustermesh-apiserver-digest
|
||||
digest: "sha256:37a7fdbef806b78ef63df9f1a9828fdddbf548d1f0e43b8eb10a6bdc8fa03958"
|
||||
digest: "sha256:ab2070ea48a52a55d961b81b7b5fbac7d40a3f428be9b1b6b9071d47f194456a"
|
||||
useDigest: true
|
||||
pullPolicy: "IfNotPresent"
|
||||
# -- TCP port for the clustermesh-apiserver health API.
|
||||
@@ -3412,7 +3412,7 @@ authentication:
|
||||
override: ~
|
||||
repository: "docker.io/library/busybox"
|
||||
tag: "1.36.1"
|
||||
digest: "sha256:d75b758a4fea99ffff4db799e16f853bbde8643671b5b72464a8ba94cbe3dbe3"
|
||||
digest: "sha256:71b79694b71639e633452f57fd9de40595d524de308349218d9a6a144b40be02"
|
||||
useDigest: true
|
||||
pullPolicy: "IfNotPresent"
|
||||
# SPIRE agent configuration
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
ARG VERSION=v1.16.5
|
||||
ARG VERSION=v1.16.6
|
||||
FROM quay.io/cilium/cilium:${VERSION}
|
||||
|
||||
@@ -12,7 +12,7 @@ cilium:
|
||||
mode: "kubernetes"
|
||||
image:
|
||||
repository: ghcr.io/aenix-io/cozystack/cilium
|
||||
tag: 1.16.5
|
||||
digest: "sha256:eae9d5531c115f8946990a731bfaaebc905b020a2957559b3c9f2ce1c655a834"
|
||||
tag: 1.16.6
|
||||
digest: "sha256:cf64df62897b071d5a9a005564ecbfb9124aa82a96957e329ce28a187864f113"
|
||||
envoy:
|
||||
enabled: false
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
apiVersion: v2
|
||||
name: cozy-cozystack-api
|
||||
name: cozy-cozy-proxy
|
||||
version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
image:
|
||||
repository: ghcr.io/aenix-io/cozystack/cozy-proxy
|
||||
tag: v0.1.0
|
||||
tag: v0.1.1
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
daemonset:
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
cozystackAPI:
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack-api:v0.24.1@sha256:ab6f4852be7d2be5deea8ace6f8901d8cbf41e87d219fdb805047f7a2bcbd2ed
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack-api:v0.25.0@sha256:513c49f8e2c1e2489faff03aacfcd609324ed5dc31ac594f9dd8a6feec0e7884
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
cozystackController:
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack-controller:v0.24.1@sha256:e59a04c072c0c50c3174b34329830d05266f3c87a4235dc8fbd78d91be9ceb2c
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack-controller:v0.25.0@sha256:9fe9369a88f7bf317bf84cf05fe733f50879467bf7b2ab58f50d914ff1b253cc
|
||||
debug: false
|
||||
disableTelemetry: false
|
||||
cozystackVersion: "v0.24.1"
|
||||
cozystackVersion: "v0.25.0"
|
||||
|
||||
@@ -76,7 +76,7 @@ data:
|
||||
"kubeappsNamespace": {{ .Release.Namespace | quote }},
|
||||
"helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
|
||||
"carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
|
||||
"appVersion": "v0.24.1",
|
||||
"appVersion": "v0.25.0",
|
||||
"authProxyEnabled": {{ .Values.authProxy.enabled }},
|
||||
"oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
|
||||
"oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
|
||||
|
||||
@@ -40,13 +40,13 @@ kubeapps:
|
||||
image:
|
||||
registry: ghcr.io/aenix-io/cozystack
|
||||
repository: dashboard
|
||||
tag: v0.24.1
|
||||
tag: v0.25.0
|
||||
digest: "sha256:81e7b625c667bce5fc339eb97c8e115eafb82f66df4501550b3677ac53f6e234"
|
||||
kubeappsapis:
|
||||
image:
|
||||
registry: ghcr.io/aenix-io/cozystack
|
||||
repository: kubeapps-apis
|
||||
tag: v0.24.1
|
||||
tag: v0.25.0
|
||||
digest: "sha256:72308ae00344d48e7ed58c5b1383874e84bcd82ac53b76857172b9ef510d53a6"
|
||||
pluginConfig:
|
||||
flux:
|
||||
|
||||
@@ -3,7 +3,7 @@ kamaji:
|
||||
deploy: false
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.24.1@sha256:97a69a1ec6669d395f1d6875998903f94faf8f171d2c29f35c2f8b66fa06e676
|
||||
tag: v0.25.0@sha256:948a496a23b4b3158517473afd74a693380bfecb9f5346c214c8beef6deb405a
|
||||
repository: ghcr.io/aenix-io/cozystack/kamaji
|
||||
resources:
|
||||
limits:
|
||||
|
||||
@@ -22,4 +22,4 @@ global:
|
||||
images:
|
||||
kubeovn:
|
||||
repository: kubeovn
|
||||
tag: v1.13.2@sha256:f7c33e8b29dfe0fa908db994cdb8c4026ac562975e9ad70c8a4c81c0319d62a9
|
||||
tag: v1.13.2@sha256:fccaf6b1f6514378f4ba2e17399af5b0c20ecf13f78142409848486b0992e5fd
|
||||
|
||||
Reference in New Issue
Block a user