diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index cd7d76020a..ef5a21cc2e 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -38,7 +38,7 @@ dependencies: repository: https://istio-release.storage.googleapis.com/charts - name: gateway alias: istio-gateway - version: 1.26.1 + version: 1.27.0 repository: https://istio-release.storage.googleapis.com/charts - name: istiod version: 1.26.1 diff --git a/charts/istio-gateway/Chart.yaml b/charts/istio-gateway/Chart.yaml index 23b1997698..3df0e88dc8 100644 --- a/charts/istio-gateway/Chart.yaml +++ b/charts/istio-gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.26.1 +appVersion: 1.27.0 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.26.1 +version: 1.27.0 diff --git a/charts/istio-gateway/files/profile-ambient.yaml b/charts/istio-gateway/files/profile-ambient.yaml index 2805fe46bf..495fbcd434 100644 --- a/charts/istio-gateway/files/profile-ambient.yaml +++ b/charts/istio-gateway/files/profile-ambient.yaml @@ -7,6 +7,13 @@ meshConfig: defaultConfig: proxyMetadata: ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL global: variant: distroless pilot: diff --git a/charts/istio-gateway/files/profile-compatibility-version-1.23.yaml b/charts/istio-gateway/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5b..0000000000 --- a/charts/istio-gateway/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/charts/istio-gateway/files/profile-compatibility-version-1.24.yaml b/charts/istio-gateway/files/profile-compatibility-version-1.24.yaml index b211c82666..4f3dbef7ea 100644 --- a/charts/istio-gateway/files/profile-compatibility-version-1.24.yaml +++ b/charts/istio-gateway/files/profile-compatibility-version-1.24.yaml @@ -6,6 +6,8 @@ pilot: env: # 1.24 behavioral changes PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" ambient: dnsCapture: false reconcileIptablesOnStartup: false diff --git a/charts/istio-gateway/files/profile-compatibility-version-1.25.yaml b/charts/istio-gateway/files/profile-compatibility-version-1.25.yaml index eb8827cd50..b2f45948c2 100644 --- a/charts/istio-gateway/files/profile-compatibility-version-1.25.yaml +++ b/charts/istio-gateway/files/profile-compatibility-version-1.25.yaml @@ -2,6 +2,10 @@ # The original version of this file is located at /manifests/helm-profiles directory. # If you want to make a change in this file, edit the original one and run "make gen". +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" ambient: # 1.26 behavioral changes shareHostNetworkNamespace: true diff --git a/charts/istio-gateway/files/profile-compatibility-version-1.26.yaml b/charts/istio-gateway/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..af10697326 --- /dev/null +++ b/charts/istio-gateway/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/charts/istio-gateway/templates/deployment.yaml b/charts/istio-gateway/templates/deployment.yaml index d83ff3b493..1d8f93a472 100644 --- a/charts/istio-gateway/templates/deployment.yaml +++ b/charts/istio-gateway/templates/deployment.yaml @@ -63,6 +63,10 @@ spec: volumes: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: istio-proxy # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection @@ -95,6 +99,9 @@ spec: - name: {{ $key }} value: {{ $val | quote }} {{- end }} + {{- with .Values.envVarFrom }} + {{- toYaml . | nindent 10 }} + {{- end }} ports: - containerPort: 15090 protocol: TCP @@ -109,6 +116,13 @@ spec: readinessProbe: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.additionalContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/istio-gateway/values.schema.json b/charts/istio-gateway/values.schema.json index 3108259a94..644966ded3 100644 --- a/charts/istio-gateway/values.schema.json +++ b/charts/istio-gateway/values.schema.json @@ -299,6 +299,17 @@ }, "priorityClassName": { "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object" + }, + "preStop": { + "type": "object" + } + } } } } diff --git a/charts/istio-gateway/values.yaml b/charts/istio-gateway/values.yaml index 4e65676ba1..c0147ce210 100644 --- a/charts/istio-gateway/values.yaml +++ b/charts/istio-gateway/values.yaml @@ -86,6 +86,18 @@ _internal_defaults_do_not_set: # Pod environment variables env: {} + # Use envVarFrom to define full environment variable entries with complex sources, + # such as valueFrom.secretKeyRef, valueFrom.configMapKeyRef. Each item must include a `name` and `valueFrom`. + # + # Example: + # envVarFrom: + # - name: EXAMPLE_SECRET + # valueFrom: + # secretKeyRef: + # name: example-name + # key: example-key + envVarFrom: [] + # Deployment Update strategy strategy: {} @@ -163,8 +175,18 @@ _internal_defaults_do_not_set: # https://kubernetes.io/docs/concepts/storage/volumes/. volumeMounts: [] + # Inject initContainers into the Gateway Pods. + initContainers: [] + + # Inject additional containers into the Gateway Pods. + additionalContainers: [] + # Configure this to a higher priority class in order to make sure your Istio gateway pods # will not be killed because of low priority class. # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass # for more detail. priorityClassName: "" + + # Configure the lifecycle hooks for the gateway. See + # https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/. + lifecycle: {}